LibSSH Flaw Allows Hackers to Take Over Servers Without Password

October 16, 2018

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.

The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6, released in 2014, leaving thousands of enterprise servers open to hackers for the last four years.

But before you get frightened, you should know that neither the widely used OpenSSH nor GitHub’s implementation of libssh was affected by the vulnerability.

The vulnerability stems from a coding error in Libssh and is “ridiculously simple” to exploit.
