Security researcher Peter Winter-Smith from NCC Group recently discovered a vulnerability in Secure Shell’s implementation library (Libssh) which allows attackers to bypass the authentication and gain command over a remote server.
By sending a specific message which fakes a successful authentication to the targeted server, the attacker is granted access without even being asked for a password. As the flaw impacted the Libssh version 0.6 which was released in 2014, the zero-day bug had been there for four years. According to The Hacker News the Libssh team already patched the flaw in their latest update.
Read more about this server vulnerability and if you could be affected here.