Security flaw in Secure Shell’s implementation library luckily did not affect GitHub

Security researcher Peter Winter-Smith from NCC Group recently discovered a vulnerability in Secure Shell’s implementation library (Libssh) which allows attackers to bypass the authentication and gain command over a remote server.

By sending a specific message which fakes a successful authentication to the targeted server, the attacker is granted access without even being asked for a password. As the flaw impacted the Libssh version 0.6 which was released in 2014, the zero-day bug had been there for four years. According to The Hacker News the Libssh team already patched the flaw in their latest update.

YOU MAY ALSO LIKE:

Read more about this server vulnerability and if you could be affected here.