A serious security flaw has been found in the LibSSH library that allowed hackers to directly log into a server without ever using a password.
What is SSH?
SSH stands for Secure Shell which is a remote protocol which helps to manage computers remotely. Also many applications use SSH to perform remote commands on a running server. The main purpose of SSH is to establishe a secure channel (Tunnel) between the client and the remote server.
What software implementations use LibSSH?
One widely used software implementation that uses LibSSH is cURL which is shipped with every Mac and also included in every Linux distribution, it is widely used for automating updates and downloads on IoT devices. Although cURL is not included in servers to process incoming connections and uses LibSSH2 which is not affected by the vulnerability.
Is there a silver lining?
Yes there is, and a big one at that, fortunately the biggest market share of SSH products are OpenSSH and LibSSH2 which are both unaffected, consequently the attack surface for SSH products is greatly reduced.
See the following video for a full explanation
Latest posts by Harikrishna Mekala (see all)
- A Serious Security Flaw Found in LibSSH - October 19, 2018
- Flaws in Branch.io Affected Over 685 Million Users - October 17, 2018
- Microsoft Store Has Been Hosting an Ad Clicker Disguised as a Google Photos App - October 16, 2018