Home Resources Blog LibSSH Flaw Allows Hackers to Take Over Servers Without Password

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Admin Globaldots
19.10.2018
image 1 Min read

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.

The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving thousands of enterprise servers open to hackers for the last four years

According to a security advisory published Tuesday, all an attacker needs to do is sending an “SSH2_MSG_USERAUTH_SUCCESS” message to a server with an SSH connection enabled when it expects an “SSH2_MSG_USERAUTH_REQUEST” message.

Due to a logical flaw in libssh, the library fails to validate if the incoming “successful login” packet was sent by the server or the client, and also fails to check if the authentication process has been completed or not.

Therefore, if a remote attacker (client) sends this “SSH2_MSG_USERAUTH_SUCCESS” response to libssh, it considers that the authentication has been successful and will grant the attacker access to the server, without needing to enter a password.

Read more: The Hacker News

Learn More

You’ll Need Zero Trust, But You Won’t Get It with a VPN
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 12.01.23

Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy. Zero Trust Security is […]

Read more
4 Ways Where Remote Access VPNs Fall Short
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 09.01.23

The Global Content Delivery Network (CDN) market is expected to grow by $42.4 billion between now and 2032.

Read more
slider item
Content Delivery Network (CDN)
Francesco Altomare, Southern Europe Regional Manager @ GlobalDots 04.01.23

A Content Delivery Network (CDN) is a globally distributed network of web servers or Points of Presence (PoP) whose purpose is to provide faster content delivery. The content is replicated and stored throughout the CDN so the user can access the data that is stored at a location that is geographically closest to the user. […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo