
CVE-2018-10933 libssh authentication bypass in server code - nfoz
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
======
nfoz
Bugfix release notes:
[https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-sec...](https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-
and-bugfix-release/)

------
jjoachim3
You're telling me that, basically, an attacker says "you've already said you
trust me" and the server answers "sure, I did"? Wow.

------
nfoz
"libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authentciate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group."

