Thousands Of Servers Vulnerable To Hacking Due To libssh Flaw

Posted on October 17, 2018 at 2:25 PM

Thousands Of Servers Vulnerable To Hacking Due To libssh Flaw

New reports claim that a security flaw was found in libssh, a popular library used for supporting the SSH authentication protocol. According to experts, such a flaw has the potential to endanger thousands of enterprise servers, and leave them vulnerable to hijacking.

Due to this flaw, attackers can easily bypass authentication procedures implemented as a level of server protection. In doing so, attackers could get access to servers with enabled SSH connection. In such a scenario, a potential hacker could completely eliminate any need for a password.

In case of an attack, hackers can send a false message to servers. Instead of the message being “SSH2_MSG_USERAUTH_REQUEST” hackers could change it into “SSH2_MSG_USERAUTH_SUCCESS”. As a result, the server would grant them access instead of questioning their identity.

In short, servers can be tricked into thinking that the authentication process has already taken place.

The situation may not be as bad as it sounds

The vulnerability was named CVE-2018-10933, and its origins were tracked to a libssh 0.6.0 update that was released in January 2014. Soon after its discovery, the libssh team released two new versions that will patch the flaw. These versions include 0.8.4 and 0.7.6, which were released yesterday.

The bug itself was originally discovered by NCC Group’s Peter Winter-Smith. Additionally, Cybereason’s head of security research, Amit Serper, estimated that the library affected around 3,000 servers.

In terms of coding, the vulnerability is seen as an extremely bad. However, when it comes to real-world computing, the situation may not be so dire after all. This is due to the fact that most IoT devices, servers, and personal computers tend to implement openssh library instead of libssh.

Among the largest websites that are supporting libssh is GitHub, but its security team already confirmed that GitHub is not affected by the bug. This is a good news since if GitHub was vulnerable, anyone could have accessed both the source code, as well as the intellectual property of some of the largest firms in the world.

For now, it was only confirmed that the vulnerable code is present in libssh’s server-side code. What this means is that computers that have libssh-based SSH client are not in danger of having their systems accessed. That is unless the client is designed to also run as an SSH server. So far, no exploits have been reported. However, it is likely that additional reports will start appearing in the next several days.

Summary
Thousands Of Servers Vulnerable To Hacking Due To libssh Flaw
Article Name
Thousands Of Servers Vulnerable To Hacking Due To libssh Flaw
Description
New reports claim that a security flaw was found in libssh, a popular library used for supporting the SSH authentication protocol. According to experts, such a flaw has the potential to endanger thousands of enterprise servers, and leave them vulnerable to hijacking.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading