From 076681a67197341c2853f7e75ac5294f6e2a1756 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Thu, 8 Jul 2021 10:18:25 -0400
Subject: [PATCH] Added 3 new key exchanges:
 gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,
 gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,
 gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==

---
 README.md                   | 1 +
 src/ssh_audit/ssh2_kexdb.py | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/README.md b/README.md
index d675333..57b1fea 100644
--- a/README.md
+++ b/README.md
@@ -183,6 +183,7 @@ For convenience, a web front-end on top of the command-line tool is available at
  - Added `-d`/`--debug` option for getting debugging output; credit [Adam Russell](https://github.com/thecliguy).
  - Updated JSON output to include MD5 fingerprints.  Note that this results in a breaking change in the 'fingerprints' dictionary format.
  - Updated OpenSSH 8.1 (and earlier) policies to include `rsa-sha2-512` and `rsa-sha2-256`.
+ - Added 3 new key exchanges: `gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==`, `gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==`, and `gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==`.
  - Added 3 new MACs: `hmac-ripemd160-96`, `AEAD_AES_128_GCM`, and `AEAD_AES_256_GCM`.
 
 ### v2.4.0 (2021-02-23)
diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py
index 7e1fceb..643d9c6 100644
--- a/src/ssh_audit/ssh2_kexdb.py
+++ b/src/ssh_audit/ssh2_kexdb.py
@@ -66,10 +66,13 @@ class SSH2_KexDB:  # pylint: disable=too-few-public-methods
         'kex': {
             'diffie-hellman-group1-sha1': [['2.3.0,d0.28,l10.2', '6.6', '6.9'], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]],
             'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]],
+            'gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==': [[], [], [WARN_HASH_WEAK]],
             'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
             'gss-gex-sha1-': [[], [], [WARN_HASH_WEAK]],
+            'gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
             'gss-group1-sha1-': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
             'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]],
+            'gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==': [[], [], [WARN_HASH_WEAK]],
             'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]],
             'gss-group14-sha256-': [[]],
             'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],