A four-year-old vulnerability in libssh allows anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. We thought that this was dead, but it has now been discovered in the Secure Shell (SSH) implementation library.
Peter Winter-Smith from NCC Group discovered the security bug. Tracked as CVE-2018-10933, the vulnerability is an authentication-bypass issue that was introduced in libssh version 0.6, released in early 2014. It not only hit smaller servers but also affected thousands of enterprises, leaving their servers open to hackers for the last four years.
According to a security advisory published Tuesday, all an attacker needs to do is send an “SSH2_MSG_USERAUTH_SUCCESS” message to a server with an SSH connection enabled when it expects an “SSH2_MSG_USERAUTH_REQUEST” message.
How does it work?
There is a logical flaw in libssh: the library fails to validate whether the incoming “successful login” packet was sent by the server or the client, and also fails to check whether the authentication process has been completed.
This means that if a remote attacker, acting as a ‘client’, sends this “SSH2_MSG_USERAUTH_SUCCESS” response to libssh, the library considers the authentication successful and grants the attacker full access to the company’s servers, without needing to enter any passwords.
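The missing check described above, as a simplified model in C. This is an added example, not libssh source code: the type and function names are hypothetical, only the message numbers (from RFC 4252) are real, and server-side credential verification is left out.

```c
/* Simplified model, not libssh source; all names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

/* Message numbers from RFC 4252. */
enum { MSG_USERAUTH_REQUEST = 50, MSG_USERAUTH_FAILURE = 51, MSG_USERAUTH_SUCCESS = 52 };
enum role { ROLE_CLIENT, ROLE_SERVER };
enum auth_state { AUTH_NONE, AUTH_REQUEST_SENT, AUTH_DONE };
struct session { enum role role; enum auth_state auth; };

/* Flawed pattern: SUCCESS is trusted regardless of sender or state. */
static void handle_flawed(struct session *s, uint8_t type)
{
    if (type == MSG_USERAUTH_SUCCESS)
        s->auth = AUTH_DONE;
}

/* Hardened pattern: check role and state before acting on the packet. */
static bool packet_allowed(const struct session *s, uint8_t type)
{
    switch (type) {
    case MSG_USERAUTH_REQUEST:   /* client-to-server only */
        return s->role == ROLE_SERVER && s->auth != AUTH_DONE;
    case MSG_USERAUTH_SUCCESS:
    case MSG_USERAUTH_FAILURE:   /* server-to-client, only as a reply */
        return s->role == ROLE_CLIENT && s->auth == AUTH_REQUEST_SENT;
    default:
        return false;            /* this model covers auth messages only */
    }
}

static void handle_hardened(struct session *s, uint8_t type)
{
    if (packet_allowed(s, type) && type == MSG_USERAUTH_SUCCESS)
        s->auth = AUTH_DONE;
}

/* Feed one packet to a fresh session; report whether it ends authenticated. */
static bool ends_authenticated(bool hardened, enum role r, enum auth_state start, uint8_t type)
{
    struct session s = { r, start };
    if (hardened) handle_hardened(&s, type); else handle_flawed(&s, type);
    return s.auth == AUTH_DONE;
}

int main(void)
{
    /* Constructed case: a server that has seen no credentials gets SUCCESS. */
    return ends_authenticated(true, ROLE_SERVER, AUTH_NONE, MSG_USERAUTH_SUCCESS);
}
```

The program exits with status 0 when the hardened handler leaves the server session unauthenticated.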
GitHub, known as “the world’s leading software development company” and a company that has just been acquired by Microsoft for $7.5 billion, also uses libssh. However, the company has come out saying that its official website and GitHub Enterprise have not been affected by the vulnerability because of how GitHub uses the library.
While we use libssh, we can confirm that https://t.co/0iKPk21RVu and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library.
— GitHub Security (@GitHubSecurity) October 16, 2018
A Shodan search shows that around 6,500 internet-facing servers may have been affected by this vulnerability due to their use of libssh.
The Libssh Response
The libssh security team addressed the issue directly on Tuesday by releasing updated versions 0.8.4 and 0.7.6. Along with the updates, the team also released the details of the vulnerability.
Summary
If you know what you’re doing, understand libssh and know that you are using the library, we highly advise that you check your servers and install the updated versions as soon as possible. Otherwise, if you would like to know whether you’ve been affected, we are currently offering a free system vulnerability check, so please contact us as soon as possible.