CVE advisoryCRITICAL
CVE-2023-28531
OpenSSH Smartcard Key Management Risk
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A flaw in OpenSSH's `ssh-add` feature allows smartcard keys to be added to the `ssh-agent` without intended restrictions. This could enable unauthorized access to data and systems, posing a business risk. Organizations using affected versions should identify and secure these systems.