Showing posts from October, 2018

Bypass SSHv2 Authentication with help of libssh Flaw [CVE-2018-10933]

A vulnerability in libssh, a popular library that supports the Secure Shell (SSH) authentication protocol, leaves thousands, if not more, of enterprise servers open to attack. The vulnerability allows an attacker to bypass authentication and gain access to a server with an SSH connection enabled without having to enter the password. An attacker can do this by sending the SSH server an "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects, and which libssh treats as the sign that an authentication procedure needs to start. Because of a coding error, when libssh receives the "SSH2_MSG_USERAUTH_SUCCESS" message, it interprets it as "authentication has already taken place" and grants the attacker access to the local server. The vulnerability, which is tracked as CVE-2018-10933, was introduced in libssh 0.6.0, released in January 2014. The libssh team released versio
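
The state confusion described above can be shown with a simplified model of server-side message dispatch. This is an added example, not libssh's code: the `session` struct, the function names and the password are hypothetical or constructed, and only the message numbers (from RFC 4252) are real. It contrasts a dispatcher that runs the SUCCESS handler for any peer with one that filters on role and authentication state first.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_SUCCESS 52

enum role { ROLE_CLIENT, ROLE_SERVER };
enum auth_state { AUTH_NONE, AUTH_IN_PROGRESS, AUTH_DONE };
struct session { enum role role; enum auth_state auth; }; /* hypothetical */

/* Stand-in for credential verification; the password is constructed. */
static bool credentials_ok(const char *pw) {
    return pw != NULL && strcmp(pw, "constructed-password") == 0;
}

/* Flawed dispatch: the SUCCESS handler is meant for a client waiting on
 * the server's verdict, but it runs for any incoming message. */
static void dispatch_flawed(struct session *s, uint8_t type, const char *pw) {
    if (type == SSH2_MSG_USERAUTH_REQUEST)
        s->auth = credentials_ok(pw) ? AUTH_DONE : AUTH_IN_PROGRESS;
    else if (type == SSH2_MSG_USERAUTH_SUCCESS)
        s->auth = AUTH_DONE;             /* no check of role or state */
}

/* Hardened dispatch: reject messages that are invalid for this role and
 * state before any handler runs. Returns false when the packet is dropped. */
static bool dispatch_filtered(struct session *s, uint8_t type, const char *pw) {
    if (type == SSH2_MSG_USERAUTH_SUCCESS &&
        (s->role != ROLE_CLIENT || s->auth != AUTH_IN_PROGRESS))
        return false;
    dispatch_flawed(s, type, pw);
    return true;
}

/* Feed one message to a fresh server session; true if it ends authenticated. */
static bool server_authenticated(bool filtered, uint8_t type, const char *pw) {
    struct session s = { ROLE_SERVER, AUTH_NONE };
    if (filtered) dispatch_filtered(&s, type, pw);
    else dispatch_flawed(&s, type, pw);
    return s.auth == AUTH_DONE;
}

int main(void) {
    printf("flawed:   %d\n", server_authenticated(false, SSH2_MSG_USERAUTH_SUCCESS, NULL));
    printf("filtered: %d\n", server_authenticated(true, SSH2_MSG_USERAUTH_SUCCESS, NULL));
    return 0;
}
```

For defenders, the takeaway is that message handlers shared between client and server code paths need an explicit role and state check before they mutate session state.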