vulnerability
CVE-2018-10933: libssh: Authentication bypass in server code
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Oct 16, 2018 | Oct 18, 2018 | Oct 19, 2018 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Oct 16, 2018
Added
Oct 18, 2018
Modified
Oct 19, 2018
Description
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.
Solution
libssh-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.