Thousands of Servers Vulnerable to Hijacking Due to Libssh Vulnerability
- A vulnerability found in SSH library authentication protocol Libssh has left enterprise servers vulnerable to attacks.
- The vulnerability was found by NCC Group’s Peter Winter-Smith.
- The bug has been present for a year without any patches but does not have much effect on real-world computing.
A Libssh bug that was discovered by Peter Winter-Smith of NCC group may have compromised thousands of enterprise servers due to a coding error. Enterprise servers make use of the SSH library, and they have been left open to attacks due to the error in coding. The vulnerability allows attackers to ignore authentication procedures and get access to any server that has SSH connection enabled on them.
While the vulnerability is critical when it comes to coding, the issue is not very likely to have real-world consequences because most servers that are vulnerable take advantage of SSH support via the OpenSSH library instead of libssh. The same applies to personal computers and IoT devices as well.
Errrr.... Uh-oh. pic.twitter.com/E4L6JInc0j
— Amit Serper (@0xAmit) October 16, 2018
Websites like GitHub that take advantage of libssh have gone on record and have stated that they have not been affected after analysis. Fortunately, Github’s libssh-based login was secured which prevented an attack. Github revealed on Twitter “ We use a custom version of libssh; SSH2_MSG_USERAUTH_SUCCESS with the libssh server is not relied upon for pubkey-based auth, which is what we use the library for. Patches have been applied out of an abundance of caution, but [GitHub Enterprise] was never vulnerable to CVE-2018-10933”.
The vulnerability is present only server side, and if you have a libssh-based SSH client on your computer, it will not allow an attacker to break into your system unless the client is also designed to run it as an SSH server. The exploit has not been made public yet but it is likely to be published in the coming days, and a patch has already been deployed. Most major companies that used the technology have already secured themselves from attacks, which minimizes the risk of the exploit being abused.
What do you think about the secure shell exploit? Let us know in the comments below. Also, make sure to follow us on Facebook and Twitter. Thanks!