Authentication Bypass Vulnerability in the libSSH Library
In October 2018, it was revealed that there existed an authentication bypass vulnerability in the libSSH library. This immediately gained attention of the InfoSec media, which started throwing around wild speculations about its scope and impact.
It also gained the attention of security researcher Rob Graham who started to investigate the issue himself. He started to scan the internet with the Shodan service to search for exposed services that were vulnerable.
Shortly after it was found that not many of the exposed services on the net were running services built with the vulnerable libSSH library.
What is important to note is that libSSH is different from libSSH2 which is not vulnerable and is not related to OpenSSH or OpenSSL.
While the impact is not a critical as immediately thought, vendors such as Cisco and F5 started to take a hard look at their product offerings for this vulnerability.
Cisco has yet to find this issue in any of their products, but F5 Networks confirmed that their BIG-IP (AFM) products are affected.
This may still be a developing story as vendors and researchers investigate further but this does seem to be as bad as first reported on.
If you are using libSSH based services or are using libSSH in a development environment, patch now.
If you are unsure of whether or not you could be affected, researchers at Leap Security have created a scanner to check for and validate vulnerable services.
If you would like to read more about vulnerabilities that our Threat & Vulnerability Management team has found and remediated, view our blog posts here.
Threat & Vulnerability Management
VerSprite offers a new level of integrated security solutions that provide improved context around discovered vulnerabilities, 24/7 enterprise security monitoring, and experienced open-source intelligence gathering tradecraft. Learn More →