Ames Computers / Walden Systems

There's a bug that is over four years old in the Secure Shell implementation known as libssh that makes it easy for anyone to gain administrative control of a vulnerable server. While the authentication bypass flaw represents a major security hole that should be patched immediately, it wasn't immediately clear what sites or devices were vulnerable since neither the widely used OpenSSH nor Github's implementation of libssh was affected. The vulnerability, which was released in libssh version 0.6 in 2014, makes it possible to log in by sending a server a SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting. The last time the world saw an authentication bypass bug with such serious consequences and requiring so little effort was a year ago, when Apple's MacOS let people log in as admin without entering a password.

The effects of any attacks if any, aren't known. In a worst-case scenario, hackers would be able to use the exploit to gain complete control over vulnerable servers. The hackers could steal encryption keys and user data, install root kits and erase logs that recorded the unauthorized access. Anyone who has used a vulnerable version of libssh in server mode should consider conducting a thorough audit of their network immediately after updating. So far, there were no immediate reports of any large sites being attacked by the exploit, which the National Institute of Standards and technology tagged CVE-2018-10933. While Github uses libssh, the site officials stated that they are unaffected by CVE-2018-10933 due to how they use the library. In a follow-up tweet, GitHub security officials said they use a customized version of libssh that implements an authentication mechanism separate from the one provided by the library. To be cautious, GitHub installed a patch after the NIST published the vulnerability in it's National Vulnerability Database.