CVE-2018-10933 log

Severity Critical
Remote Yes
Type Authentication bypass
An authentication bypass vulnerability has been discovered in libssh versions prior to 0.7.6 and 0.8.4, in the server-side state machine. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials, resulting in unauthorized access.
Group Package Affected Fixed Severity Status Ticket
AVG-780 libssh 0.8.3-1 0.8.4-1 Critical Fixed
Date Advisory Group Package Severity Type
17 Oct 2018 ASA-201810-10 AVG-780 libssh Critical authentication bypass