After disclosure that the libssh library has a vulnerability that allows attackers to bypass password authentication to access an SSH-connected server, vendors using the library have begun to investigate whether their products are affected .
Cisco Systems and F5 Networks are among the companies that look to see if their products have been affected. The former still did not confirm whether this occurred and the second, in turn, reported that so far the flaw was found only in the BIG-IP application delivery controllers, but stated that only on the BIG-IP AFM SSH virtual servers that use based authentication are vulnerable. Red Hat Enterprise Linux 7 Extras was also given as vulnerable, as well as Debian (fixed in version 0.7.3–2 + deb9u1), Ubuntu (18.04 LTS, 16.04 LTS, 14.04 LTS and derivatives), and SUSE Linux Enterprise 12 and 15 .
The failure CVE-2018–10933, reported on day 17, affects version 0.6.0 of libssh and occurs due to a coding error, which allows the server to understand that authentication occurred even without password insertion, only with the sending the message “SSH2_MSG_USERAUTH_SUCCESS”. Corrections are available in versions 0.8.4 and 0.7.6 of the library.
Article originally published in the Tempest Soundbites app, available to Tempest customers on Android and iOS versions. To get a credential, talk to your relationship manager.