When users hear or read “SSH” (the acronym stands for Secure SHell), they expect it to be just that: a secure shell from their physical location to wherever the destination computer may be, “secure” in the sense of requiring authentication and verification of messages. The programming libraries that support SSH include OpenSSH and libssh, among others.
In recent news, the libssh library is receiving a lot of attention due to a vulnerability discovered by Peter Winter-Smith of NCC Group. This vulnerability, identified as CVE-2018-10933, allows threat actors to bypass the authentication process. To clarify, the vulnerability doesn’t pose a threat for all libssh usage but only for the implementations in which libssh is used in server mode as opposed to the client mode. In this case, a client can send an “SSH2_MSG_USERAUTH_SUCCESS” message to the server instead of an expected “SSH2_MSG_USERAUTH_REQUEST” message, which is what the server uses to start the authentication process.
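A simplified model of the direction check this bug shows to be necessary, as an added example (not libssh's code and not part of the original post). The session struct and function names are hypothetical; the message numbers are those assigned in RFC 4252.

```c
#include <stdbool.h>
#include <stdint.h>

/* Message numbers assigned by RFC 4252. */
enum { SSH2_MSG_USERAUTH_REQUEST = 50, SSH2_MSG_USERAUTH_FAILURE = 51,
       SSH2_MSG_USERAUTH_SUCCESS = 52 };

enum role { ROLE_CLIENT, ROLE_SERVER };

/* Hypothetical session model for illustration; not a libssh structure. */
struct session { enum role role; bool authenticated; };

/* Flawed pattern: one handler for both roles, so a server-role session takes
 * an inbound SUCCESS as proof of login. creds_ok models credential checking. */
int dispatch_flawed(struct session *s, uint8_t type, bool creds_ok)
{
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        s->authenticated = creds_ok;
        return 0;
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->authenticated = true;      /* never asks who sent it */
        return 0;
    default:
        return -1;
    }
}

/* Hardened pattern: SUCCESS/FAILURE travel server-to-client only and REQUEST
 * client-to-server only; reject the wrong direction, leave state untouched. */
int dispatch_hardened(struct session *s, uint8_t type, bool creds_ok)
{
    bool from_server = type == SSH2_MSG_USERAUTH_SUCCESS ||
                       type == SSH2_MSG_USERAUTH_FAILURE;
    if ((s->role == ROLE_SERVER) ? from_server : (type == SSH2_MSG_USERAUTH_REQUEST))
        return -1;                    /* protocol violation: drop the peer */
    return dispatch_flawed(s, type, creds_ok);
}

typedef int (*dispatch_fn)(struct session *, uint8_t, bool);
/* Auth state of a fresh server-role session after one inbound message. */
bool server_authed_after(dispatch_fn f, uint8_t type, bool creds_ok)
{
    struct session s = { ROLE_SERVER, false };
    f(&s, type, creds_ok);
    return s.authenticated;
}

/* Exit status 0 means the hardened server ignored a client-sent SUCCESS. */
int main(void) { return server_authed_after(dispatch_hardened, SSH2_MSG_USERAUTH_SUCCESS, false); }
```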
At WatchGuard, we take security seriously, and so our team thoroughly investigated every instance where this service’s library is used within WatchGuard products. Bearing in mind that only server mode implementations are affected, WatchGuard confirmed that its current product line does not utilize this implementation and is therefore unaffected by this vulnerability.
libssh is used only as a client by the Gateway Wireless Controller component; libssh is not used to implement an SSH server anywhere in WatchGuard’s product line. Apart from that component, OpenSSH is used throughout. Keep in mind that the issue is with libssh and not OpenSSH. This includes current firewalls, Dimension Server, and other services offered by WatchGuard Technologies.
For further reading into this matter, please see the referenced links below. Should you have additional questions, comments, or concerns, please feel free to comment.
Gladiac (October 16, 2018). libssh 0.8.4 and 0.7.6 security and bugfix release. Retrieved from https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
User0813484 (October 17, 2018). CVE-2018-10933 – Bypass SSH Authentication – libssh vulnerability. Message posted to https://security.stackexchange.com/questions/195834/cve-2018-10933-bypass-ssh-authentication-libssh-vulnerability