{"id":5742,"date":"2018-10-17T13:22:37","date_gmt":"2018-10-17T17:22:37","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/?p=5742"},"modified":"2018-10-17T13:22:37","modified_gmt":"2018-10-17T17:22:37","slug":"libssh-flaw-allows-hackers-to-take-over-servers-without-password","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/2018\/10\/17\/libssh-flaw-allows-hackers-to-take-over-servers-without-password\/","title":{"rendered":"LibSSH Flaw Allows Hackers to Take Over Servers Without Password"},"content":{"rendered":"

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as\u00a0Libssh\u00a0<\/b>that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
\nThe security vulnerability, tracked as\u00a0CVE-2018-10933<\/b>, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving thousands of enterprise servers open to hackers for the last four years.<\/p>\n

According to a security advisory published Tuesday, all an attacker needs to do is sending an “SSH2_MSG_USERAUTH_SUCCESS” message to a server with an SSH connection enabled when it expects an “SSH2_MSG_USERAUTH_REQUEST” message.<\/p>\n

https:\/\/thehackernews.com\/2018\/10\/libssh-ssh-protocol-library.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as\u00a0Libssh\u00a0that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as\u00a0CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, […]<\/p>\n","protected":false},"author":20416,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[715997],"tags":[],"class_list":{"0":"post-5742","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-06-project-portfolio-management","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/users\/20416"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/comments?post=5742"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5742\/revisions"}],"predecessor-version":[{"id":5743,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5742\/revisions\/5743"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/media?parent=5742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/categories?post=5742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/tags?post=5742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}