Security researcher has discovered a critical vulnerability in Libssh which could allow attackers to bypass authentication and gain administrative access to the Target server without any credentials
Security researcher has discovered a critical vulnerability in Libssh which could allow attackers to bypass authentication and gain administrative access to the Target server without any credentials. A 4-year-old critical flaw was discovered by security researcher Peter Winter-Smith from NCC Group in Libssh, a Secure Shell (SSH) implementation library and disclosed it to the company. The vulnerability tracked as CVE-2018-10933 is an authentication bypass issue in the server code in Libssh version 0.6. “This is an important security and maintenance release in order to address CVE-2018-10933.libssh versions 0.6 and above have an authentication bypass vulnerability in the server code.” “By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credential” said in the advisory published by the company. Attackers could exploit the vulnerability to bypass authentication and gain administrative control over the server without any password or credentials. Attackers just need to send a SSH2_MSG_USERAUTH_SUCCESS message to the server instead of the SSH2_MSG_USERAUTH_REQUEST message which could successfully authenticate attacker without any password and grant access. According to experts, the flaw could affect at least 3000 servers based on the search performed in shodan search engine. The company has fixed the issue in the latest version of libssh versions 0.8.4 and 0.7.6. Users are advised to update immediately. For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin and Twitter.
You may be interested in reading:Critical Flaw in Branch.io Affects Around 685 Million Users