A Serious Security Flaw Found in LibSSH

  • 399
  •  
  •  
  • 2
  •  
  •  
  •  
    401
    Shares

A serious security flaw has been found in the LibSSH library that allowed hackers to directly log into a server without ever using a password.

What is SSH?

SSH stands for Secure Shell which is a remote protocol which helps to manage computers remotely. Also many applications use SSH to perform remote commands on a running server. The main purpose of SSH is to establishe a secure channel (Tunnel) between the client and the remote server.

What software implementations use LibSSH?

One widely used software implementation that uses LibSSH is cURL which is shipped with every Mac and also included in every Linux distribution, it is widely used for automating updates and downloads on IoT devices. Although cURL is not included in servers to process incoming connections and uses LibSSH2 which is not affected by the vulnerability.

Is there a silver lining?

Yes there is, and a big one at that, fortunately the biggest market share of SSH products are OpenSSH and LibSSH2 which are both unaffected, consequently the attack surface for SSH products is greatly reduced.

See the following video for a full explanation

The following two tabs change content below.
Avatar
I am a programmer and tech enthusiast who loves to use my creative skills to solve complex problems. I also love to stay abreast of what is happening in the world of technology, reach me at: [email protected]
Avatar

Harikrishna Mekala

I am a programmer and tech enthusiast who loves to use my creative skills to solve complex problems. I also love to stay abreast of what is happening in the world of technology, reach me at: [email protected]

Do NOT follow this link or you will be banned from the site!