Attacker Value: High (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-2018-10933

Last updated March 13, 2020

Description

libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate without any credentials.

Patch Availability

Patches addressing the issue have been posted to:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
libssh version 0.8.4 and libssh 0.7.6 have been released to address this issue.
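
A defender-side triage check built from the version facts above, added here as an example (not code from libssh or the advisory): it classifies SSH identification strings against the affected range and the fixed releases 0.7.6 and 0.8.4. The banner formats, function names, hosts and sample banners are assumptions constructed for illustration.

```python
import re

# Version facts from the advisory text on this page.
FIRST_AFFECTED = (0, 6, 0)
FIXED = {(0, 7): (0, 7, 6), (0, 8): (0, 8, 4)}  # fixed release per branch

# Assumption: libssh servers identify as "SSH-2.0-libssh_X.Y.Z" or
# "SSH-2.0-libssh-X.Y.Z" (the separator differs between releases).
BANNER_RE = re.compile(r"^SSH-[\d.]+-libssh[_-](\d+)\.(\d+)(?:\.(\d+))?")


def classify_banner(banner):
    """Return not-libssh, not-affected, fixed or potentially-vulnerable."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-libssh"  # also covers libssh2, a different library
    version = tuple(int(p or 0) for p in m.groups())
    if version < FIRST_AFFECTED:
        return "not-affected"
    fixed_in = FIXED.get(version[:2])
    if fixed_in is None:
        # Assumption: branches after 0.8 already contain the fix. Affected
        # branches with no fixed release named on the page (0.6.x) stay flagged.
        return "fixed" if version[:2] > (0, 8) else "potentially-vulnerable"
    return "fixed" if version >= fixed_in else "potentially-vulnerable"


def triage(inventory):
    """Map host -> banner pairs to the hosts that need follow-up."""
    return sorted(h for h, b in inventory.items()
                  if classify_banner(b) == "potentially-vulnerable")


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "10.0.0.11": "SSH-2.0-libssh_0.8.3",
    "10.0.0.12": "SSH-2.0-libssh_0.8.4",
    "10.0.0.13": "SSH-2.0-libssh-0.7.5\r\n",
    "10.0.0.14": "SSH-2.0-OpenSSH_7.4",
    "10.0.0.15": "SSH-2.0-libssh2_1.8.0",
    "10.0.0.16": "SSH-2.0-libssh-0.6.3",
}

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(host, SAMPLE[host].strip(), "-> check installed libssh package")
```

Treat the result as a triage signal only: a distribution package may carry a backported fix without changing the version string, and the banner can be customized, so confirm against the installed package.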

Workaround

There is no workaround for this issue.

Credit

The bug was discovered by Peter Winter-Smith of NCC Group.
Patches are provided by Anderson Toshiyuki Sasaki of Red Hat and the libssh team.

Technical Analysis

LibSSH isn’t as common as other SSH server software and the vulnerability is pretty dated, so finding this in the wild won’t be a walk in the park.
Having said that, if adversaries find this software installed with a vulnerable version, exploitation is extremely easy (multiple exploits exist on the internet) and usually will provide access from the external to the server while fully bypassing the authentication.
For example – https://github.com/xFreed0m/CVE-2018-10933
