libssh vulnerability

An open source library, libssh, announced a fixed vulnerability today. I’ll let them explain:

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

Good thing we use openssh in my company! I don’t have to monitor a bunch of software systems for security fixes and deployment–

$ nc github-enterprise.server 22


Leave a Reply

Your email address will not be published. Required fields are marked *