It’s Ok, I’m verified; libssh flaw allows attacker bypass server authentication

October 19, 2018

A vulnerability in the libssh platform could allow an attacker to bypass authentication and gain full control over vulnerable servers.

The vulnerability basically allows the attacker to simply tell the targeted system that the authentication is complete rather than the other way around and the server accepts the command without validating.

As a result of the flaw, an attacker could authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, according to an Oct. 16 security advisory.

Tenable researchers found nearly 2000 devices running libssh versions 0.6 and although the full scope of the issue is unclear, libssh also reportedly needs to be ran in server mode, not client mode, which may limit the impact of this vulnerability the researchers said.

The vulnerability has been addressed in libssh versions 0.8.4 and 0.7.6 and users are advised to update their systems as soon as their server distributions release patches.

It’s Ok, I’m verified; libssh flaw allows attacker bypass server authentication

Related

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Medical device disclosures on the rise, but providers struggle to patch known flaws

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Get daily email updates