Vulnerability & Exploit Database

Back to search

CVE-2018-10933: libssh: Authentication bypass in server code

Severity CVSS Published Added Modified
6 (AV:N/AC:L/Au:N/C:P/I:P/A:N) October 16, 2018 October 18, 2018 October 19, 2018

Available Exploits 

Description

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

libssh-upgrade-latest

Related Vulnerabilities