{"uuid": "ceae6ffb-ba88-475f-838e-65ddad65e821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/information_security_channel/21258", "content": "This is an important security and maintenance release in order to address CVE-2018-10933.\n\nlibssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.\n\nThe bug was discovered by Peter Winter-Smith of NCC Group.\n\nhttps://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/", "creation_timestamp": "2018-10-16T20:19:51.000000Z"}