CVE-2018-10933: libssh: Authentication bypass in server code
|6||(AV:N/AC:L/Au:N/C:P/I:P/A:N)||October 16, 2018||October 18, 2018||October 19, 2018|
Descriptionlibssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities