Main Vulnerability Database SB2018031235

SB2018031235 - Authentication bypass in AsyncSSH

Published: March 12, 2018 Updated: January 3, 2024

Security Bulletin ID SB2018031235

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2018-7749)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the application does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step and gain unauthorized access to the system.

Remediation

Install update from vendor's website.

References

https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ