Closed
Description
Please answer the following
"OpenSSH for Windows" version
0.0.12.0
OS details
All
What is failing
Elevation of privilege in the following setting:
- SSO setup for admin user with both client and server on the same box.
- User private key registered in ssh-agent and user's public key added as authorized for key-based auth
Malware running within an admin non-elevated session can create an SSH remote session over loopback (or to local IP) and can access an elevated remote SSH session on the same box.
Expected output
SSH remote sessions created with SSO over loopback should have no more privileges than client process.
Actual output
SSH remote sessions are elevated.