Security News > 2018 > October > LibSSH Flaw Allows Hackers to Take Over Servers Without Password

LibSSH Flaw Allows Hackers to Take Over Servers Without Password
2018-10-17 10:48

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/SyufV9qQ1_8/libssh-ssh-protocol-library.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-10933 Improper Authentication vulnerability in multiple products
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4.
network
low complexity
libssh canonical debian redhat netapp oracle CWE-287
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Libssh 1 0 10 2 1 13