Last week, a ridiculously easy authentication bypass vulnerability in libssh was disclosed. Since then, multiple tools and scripts have been released that allow attackers to exploit this vulnerability in order to remotely execute commands on vulnerable devices.
This vulnerability has been assigned the ID CVE-2018-10933 and is trivial to exploit, as all you have to do is send the SSH2_MSG_USERAUTH_SUCCESS message when libssh expects SSH2_MSG_USERAUTH_REQUEST. By doing this, the library will think you are successfully authenticated and allow you in.
While this vulnerability has been fixed in libssh versions 0.7.6 and 0.8.4, researchers have released scanners and scripts that make it simple to exploit the vulnerability and execute commands remotely for vulnerable versions.
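The message confusion described above can be modelled in a few lines. This is an added example, not libssh's code and not from the original article: the session type, function names and test password are hypothetical, and only the message numbers (from RFC 4252) are real. It contrasts a server that processes SSH2_MSG_USERAUTH_SUCCESS without checking its role with one that filters messages by role first.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4252. */
enum { SSH2_MSG_USERAUTH_REQUEST = 50, SSH2_MSG_USERAUTH_FAILURE = 51,
       SSH2_MSG_USERAUTH_SUCCESS = 52 };

typedef enum { ROLE_CLIENT, ROLE_SERVER } role_t;
/* Hypothetical session type for this model; not libssh's struct. */
typedef struct { role_t role; bool authenticated; } session_t;

/* Stand-in for credential verification; the password is a constructed value. */
static bool check_credentials(const char *pw) {
    return pw != NULL && strcmp(pw, "correct-horse") == 0;
}

/* Flawed pattern: one handler set for both roles, no check on who we are. */
static void dispatch(session_t *s, int msg, const char *pw) {
    if (msg == SSH2_MSG_USERAUTH_REQUEST)
        s->authenticated = check_credentials(pw);
    else if (msg == SSH2_MSG_USERAUTH_SUCCESS)
        s->authenticated = true;  /* only meaningful on the client side */
}

/* Hardened: decide whether the message is valid for this role first. */
static bool allowed(const session_t *s, int msg) {
    if (s->role == ROLE_SERVER)
        return msg == SSH2_MSG_USERAUTH_REQUEST;
    return msg == SSH2_MSG_USERAUTH_SUCCESS || msg == SSH2_MSG_USERAUTH_FAILURE;
}

static void dispatch_filtered(session_t *s, int msg, const char *pw) {
    if (!allowed(s, msg)) return;  /* drop the packet, state unchanged */
    dispatch(s, msg, pw);
}

/* Returns a fresh server session's authenticated flag after one message. */
static bool server_after(int msg, const char *pw, bool filtered) {
    session_t s = { ROLE_SERVER, false };
    if (filtered) dispatch_filtered(&s, msg, pw);
    else dispatch(&s, msg, pw);
    return s.authenticated;
}

int main(void) {
    printf("unfiltered server: %d\n", server_after(SSH2_MSG_USERAUTH_SUCCESS, NULL, false));
    printf("filtered server:   %d\n", server_after(SSH2_MSG_USERAUTH_SUCCESS, NULL, true));
    return 0;
}
```

In the filtered variant the server's authentication state changes only through credential verification, so a legitimate SSH2_MSG_USERAUTH_REQUEST still succeeds.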
Below we have listed the known advisories related to this vulnerability. This information will be updated as more advisories are released.
Vendor libssh CVE-2018-10933 advisories
..
...
Researchers release working exploits and scanners
...
...