A Serious Security Flaw Found in LibSSH



A serious security flaw has been found in the LibSSH library that allowed hackers to directly log into a server without ever using a password.

What is SSH?


SSH stands for Secure Shell, a protocol for managing computers remotely. Many applications also use SSH to run remote commands on a running server. The main purpose of SSH is to establish a secure channel (tunnel) between the client and the remote server.

What software implementations use LibSSH?


One widely used software implementation that uses LibSSH is cURL, which is shipped with every Mac and is also included in every Linux distribution; it is widely used for automating updates and downloads on IoT devices. However, cURL is not included in servers to process incoming connections, and it uses LibSSH2, which is not affected by the vulnerability.

Is there a silver lining?


Yes, there is, and a big one at that. Fortunately, the biggest market share of SSH products belongs to OpenSSH and LibSSH2, which are both unaffected; consequently, the attack surface for SSH products is greatly reduced.
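To act on the distinction above, the following added example (not part of the original post) classifies SSH identification strings from an asset inventory so that LibSSH servers are separated from the unaffected OpenSSH and LibSSH2. The host names and banners are constructed, and the code identifies the implementation family only, because the post lists no affected versions.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments".
# Older libssh builds put a '-' inside softwareversion, so accept any non-space.
BANNER_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Requiring a separator (or end of string) after the name keeps "libssh2_..."
# from being filed under "libssh", which is the mistake a substring match makes.
FAMILIES = [
    ("libssh", re.compile(r"^libssh(?:[_-]|$)", re.I)),
    ("libssh2", re.compile(r"^libssh2(?:[_-]|$)", re.I)),
    ("openssh", re.compile(r"^OpenSSH(?:[_-]|$)", re.I)),
]

def classify_banner(line):
    """Return 'libssh', 'libssh2', 'openssh', 'other' or 'invalid'."""
    m = BANNER_RE.match(line.strip())  # strip() drops the trailing CR LF
    if not m:
        return "invalid"
    software = m.group("software")
    for family, pattern in FAMILIES:
        if pattern.match(software):
            return family
    return "other"

def hosts_needing_review(inventory):
    """inventory: iterable of (host, banner); returns hosts identifying as libssh."""
    return sorted(h for h, b in inventory if classify_banner(b) == "libssh")

# Constructed sample inventory (hypothetical hosts, illustrative banners).
SAMPLE = [
    ("bastion.example.internal", "SSH-2.0-OpenSSH_7.4"),
    ("cam-17.example.internal", "SSH-2.0-libssh_0.8.1\r\n"),
    ("legacy.example.internal", "SSH-2.0-libssh-0.6.3"),
    ("client-log-entry", "SSH-2.0-libssh2_1.8.0"),
    ("switch-3.example.internal", "SSH-2.0-dropbear_2018.76"),
    ("not-ssh.example.internal", "HTTP/1.1 400 Bad Request"),
]

if __name__ == "__main__":
    for host, banner in SAMPLE:
        print(f"{host:28} {classify_banner(banner)}")
    print("review:", hosts_needing_review(SAMPLE))
```

Hosts returned by `hosts_needing_review` still need their installed LibSSH version checked against the vendor advisory; a banner only identifies the implementation.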

See the following video for a full explanation

