CVE-2023-51384 in OpenSSH
Summary
by MITRE • 12/18/2023
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/29/2026
The vulnerability identified as CVE-2023-51384 affects the ssh-agent component within OpenSSH versions prior to 9.6, specifically targeting the handling of destination constraints for PKCS#11-hosted private keys. This flaw represents a significant security weakness in the authentication infrastructure that could undermine the integrity of key management operations within secure environments. The issue manifests when users attempt to add multiple private keys from a PKCS#11 token while specifying destination constraints, which are intended to limit where those keys can be used for authentication purposes.
The technical flaw stems from an incomplete implementation of constraint application logic within the ssh-agent daemon. When processing PKCS#11 tokens that contain multiple private keys, the system properly applies destination constraints to the first key in the sequence but fails to propagate these same restrictions to subsequent keys returned by the same token. This partial constraint application creates a scenario where some keys retain unrestricted usage capabilities while others are properly restricted, leading to inconsistent security policies across the key set. The vulnerability directly relates to CWE-284 which addresses improper access control mechanisms, specifically in how access restrictions are enforced across multiple entities within a single operation.
From an operational perspective, this vulnerability creates a potential attack vector where malicious actors could exploit the inconsistent constraint application to bypass intended security restrictions. An attacker who gains access to a system with improperly constrained keys could potentially use unrestricted keys for authentication in contexts where they should be restricted, while legitimate users might be denied access to systems they should be able to reach due to overly restrictive constraints on other keys. The impact extends beyond simple access control, as it could enable privilege escalation scenarios or provide unauthorized access to sensitive systems where key usage should be limited to specific destinations or protocols.
The security implications of this vulnerability align with several tactics outlined in the MITRE ATT&CK framework, particularly those related to privilege escalation and credential access. Adversaries could leverage this weakness to expand their operational capabilities by using unconstrained keys for authentication in systems where they should be restricted. The flaw also represents a breakdown in defense in depth principles, where the expected security controls fail to maintain consistent enforcement across all elements within a single authentication operation. Organizations should consider implementing additional monitoring for ssh-agent operations and constraint violations, as well as conducting comprehensive audits of key management policies to ensure that all keys are properly constrained according to security requirements.
The remediation for this vulnerability requires updating to OpenSSH version 9.6 or later, where the constraint application logic has been corrected to properly apply destination restrictions to all keys returned by PKCS#11 tokens. System administrators should also review existing key constraints and re-evaluate the security posture of systems using ssh-agent with PKCS#11 integration. Organizations maintaining legacy systems should implement temporary compensating controls such as enhanced monitoring, restricted access to ssh-agent processes, and regular security assessments to identify any potential exploitation of this vulnerability in their environments.