LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Question

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Logan Jackson

I'm scared Jow Forums.

thehackernews.com/2018/10/libssh-ssh-protocol-library.html

Attached: libssh-ssh-protocol-library-min.png (728x380, 28K)

October 18, 2018 - 06:10

Jaxon Jones

>2018
>password authentication

October 18, 2018 - 06:13

Easton Morales

1. Don't use libSSH
2. Password authentication? HAHAHAHAHAHAHA

Seriously turn that off.

October 18, 2018 - 06:14

Nicholas Anderson

See that's why you don't use open source software.

October 18, 2018 - 07:10

Tyler Brown

You don't really have to work about server compromise; libssh was mostly used inside of applications, as a wrapper around some sort of data transport. Github for example used it as a wrapper around Git connections.

Some applications and small embedded systems might be at risk, but servers seem very unlikely to be affected.

October 18, 2018 - 07:12

Joseph Thomas

>there are still people that don't use the superior SSH
You deserve everything
openSSH and libreSSL are both a complete must

October 18, 2018 - 07:23

William Fisher

please redpill me on how else to authenticate

October 18, 2018 - 07:26

Cooper Mitchell

neither, but
RSA key

October 18, 2018 - 07:28

Easton Cook

key verification

October 18, 2018 - 07:32

Lincoln Morris

> Running Void Linux for the past 2 years
> Simple init system (no systemd)
> LibreSSL and OpenSSH by default
> mfw never affected by libssh/openssl bullshit

Attached: comfy_pepe.jpg (253x229, 48K)

October 18, 2018 - 07:35

Jaxon Moore

please tell me
is my home server safe

Attached: 1534009262977.png (680x77, 7K)

October 18, 2018 - 07:37

Chase Phillips

Key exchange

October 18, 2018 - 07:38

Justin Sullivan

Just read the article you fuckwit.

October 18, 2018 - 07:39

Aiden Brown

Yes, libssh2 is not libssh

October 18, 2018 - 07:44

Jace Ross

thanks mate

Attached: 1510233769862.jpg (334x334, 88K)

October 18, 2018 - 07:47

Henry Hall

True, better let vulnerabilities stay undiscovered, right?

October 18, 2018 - 07:48

Gabriel Rodriguez

OpenSSH is not affected.

Bullshit. No-one uses libssh server code, which is why it was so low quality. If people use libssh they only use client code. People use openssh or dropbear.

October 18, 2018 - 10:25

Jason Smith

Old

October 18, 2018 - 10:48

Luis Taylor

>Using rsa key instead of Ed
Lol loser

October 18, 2018 - 10:50

Parker Sanchez

So here's what I don't get, why is key exchange better than a good password? Even a bad password - if you use fail2ban, then you can't brute force ssh very easily, rendering dictionary attacks pretty useless. As long as you don't use the same password as elsewhere then it should be fine.

October 18, 2018 - 11:15

Austin Miller

how do i turn off ssh in uboongo?

October 18, 2018 - 11:18

Julian Collins

> No-one uses libssh server code, which is why it was so low quality
Who even uses libssh? We did some digging yesterday, maybe PHP has a connector which depends on libssh2 (two), the original libssh was used by Wireshark, I believe.

October 18, 2018 - 13:17

Jack Walker

mfw feel the same feel of this pepe

October 18, 2018 - 13:37

1 2 3 Next

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Last threads