Just last year, a security bug was found in OpenSSH that affected ALL versions released in the past 20 years! The impact of this vulnerability was massive and here’s why:
OpenSSH is short for Open Secure Shell. It is one of the most widely used and trusted tools for remote management of servers and computers. It offers a secure channel that protects against eavesdropping, connection hijacking, and other attacks. It is considered extremely safe and is used across many software applications and hardware devices online, which makes any vulnerability discovered in it very difficult to deal with.
The security bug was found back in August of 2018. If an attacker tried to authenticate through OpenSSH with a username that didn’t exist, the server would send out a failure reply. However, if the user did exist, the server would close the connection without sending a reply at all. Knowing this, attackers were able to guess which usernames were registered on the OpenSSH server. OpenSSH is used with a wide range of technologies, so the bug affected billions of devices.
Patches for the vulnerability were created. However, rolling them out would still be a long process, since OpenSSH is used in so many applications. Users could also opt to log in to remote devices using an alternative to OpenSSH. Users who had no alternative, or no choice but to use OpenSSH, could instead disable public key authentication, which is where the vulnerability was found.
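The difference in server replies described above can be captured as a regression check. The following is an added example, not OpenSSH code or code from this article: a simplified model in which the account list, credentials, probe names, and all function names are constructed for illustration.

```python
import hmac
from enum import Enum

class Reply(Enum):
    FAILURE = "authentication failure reply"
    CLOSED = "connection closed without a reply"
    SUCCESS = "authenticated"

# Constructed account database for the model (not real data).
ACCOUNTS = {"alice": "key-A", "backup": "key-B"}
PROBES = ["alice", "backup", "mallory", "nobody"]  # constructed sample names

def vulnerable_auth(username, credential):
    """Flawed model: a failed attempt is answered differently per account state."""
    if username not in ACCOUNTS:
        return Reply.FAILURE            # unknown name: explicit failure reply
    if ACCOUNTS[username] != credential:
        return Reply.CLOSED             # registered name: dropped, no reply
    return Reply.SUCCESS

def hardened_auth(username, credential):
    """Every failed attempt takes the same path and gets the same reply."""
    known = username in ACCOUNTS
    # Compare against a dummy value for unknown names so both cases do the same work.
    match = hmac.compare_digest(ACCOUNTS.get(username, "dummy"), credential)
    return Reply.SUCCESS if (known and match) else Reply.FAILURE

def failure_replies(auth, probes, bad_credential="wrong"):
    """Collect replies to failed logins, grouped by whether the account exists."""
    seen = {True: set(), False: set()}
    for name in probes:
        seen[name in ACCOUNTS].add(auth(name, bad_credential))
    if not seen[True] or not seen[False]:
        raise ValueError("probes must include both existing and unknown names")
    return seen

def leaks_account_existence(auth, probes):
    """True if failed logins look different for real and unknown usernames."""
    seen = failure_replies(auth, probes)
    return seen[True] != seen[False]

if __name__ == "__main__":
    for auth in (vulnerable_auth, hardened_auth):
        print(auth.__name__, "leaks:", leaks_account_existence(auth, PROBES))
```

A check like `leaks_account_existence` belongs in the test suite of any login service, so a later change that reintroduces a distinguishable reply fails the build.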