Blog

libssh

18 Jan: Critical Vulnerability discovered in libssh (CVE-2018-10933)

libssh, a tiny C SSH library, contains an authentication bypass vulnerability in libssh’s server-side code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate…