CVE-2018-10933 – WindowsTechs.com

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

Posted on October 17, 2018 by Tara Seals

The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. Continue reading libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers→

Serious SSH bug lets crooks log in just by asking nicely…

Posted on October 17, 2018 by Paul Ducklin

A serious bug in libssh could allow crooks to connect to your server – with no password requested or required. Here’s what you need to know. Continue reading Serious SSH bug lets crooks log in just by asking nicely…→

LibSSH Vuln: You Don’t Need to See my Authentication

Posted on October 17, 2018 by Jonathan Bennett

Another day, another CVE (Common Vulnerabilities and Exposures). Getting a CVE number assigned to a vulnerability is a stamp of authenticity that you have a real problem on your hands. CVE-2018-10933 is a worst case scenario for libssh. With a single response, an attacker can completely bypass authentication, giving full access to a system.

Before you panic and yank the power cord on your server, know that libssh is not part of OpenSSH. Your Linux box almost certainly uses OpenSSH as the SSH daemon, and that daemon is not vulnerable to this particular problem. Libssh does show up in a …read more

Continue reading LibSSH Vuln: You Don’t Need to See my Authentication→