What Happened with the OpenSSH Vulnerability?

Dec 23, 2019

Just last year, a security bug was found in OpenSSH that affected ALL versions released in the past 20 years! The impact of this vulnerability was massive and here’s why:

What is OpenSSH?

OpenSSH is short for Open Secure Shell. It is one of the most widely used and trusted tools for remote management of servers and computers. It offers a secure channel by eliminating eavesdropping, connection hijacking, and other attacks. It is considered extremely safe and is used across several software applications and hardware devices online, which makes any vulnerability discovered in it very difficult to deal with.

Finding the Security Bug

The security bug was found back in August of 2018. If an attacker tried to authenticate through OpenSSH with a username that didn’t exist, the server would send out a failure reply. However, if the user did exist, the server would close the connection without sending a reply at all. Knowing this, attackers were able to guess which usernames were registered on the OpenSSH server. Because OpenSSH is used with a range of technologies, the bug affected billions of devices.


Patches for the vulnerability were created; however, fixing it would still be a long process since OpenSSH is used in so many applications. Users could also opt to log in to remote devices using an alternative to OpenSSH. Users who had no alternative or no choice but to use OpenSSH could also disable public key authentication, which is where the vulnerability was found.
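
While patches roll out, the username guessing described above can be watched for in sshd's own logs. The following is an added example, not part of the original post: it counts distinct unknown usernames per source address from sshd "Invalid user" log lines. The sample log lines are constructed, and the function names and the `min_distinct` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd's "Invalid user" syslog format.
SAMPLE_LOG = """\
Aug 20 10:01:02 host sshd[2101]: Invalid user admin from 203.0.113.7 port 40112
Aug 20 10:01:02 host sshd[2102]: Invalid user oracle from 203.0.113.7 port 40114
Aug 20 10:01:03 host sshd[2103]: Invalid user test from 203.0.113.7 port 40118
Aug 20 10:01:03 host sshd[2104]: Invalid user backup from 203.0.113.7 port 40120
Aug 20 10:01:04 host sshd[2105]: Invalid user admin from 203.0.113.7 port 40122
Aug 20 10:05:41 host sshd[2150]: Invalid user alcie from 198.51.100.23 port 52200
Aug 20 10:06:10 host sshd[2151]: Accepted publickey for alice from 198.51.100.23 port 52204 ssh2
"""

# The username is client-controlled and may contain spaces or even the text
# " from ...", so match it greedily and anchor on the final " from <addr>"
# that sshd itself appends (the " port <n>" suffix is optional).
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<src>\S+)(?: port \d+)?\s*$"
)


def invalid_users_by_source(lines):
    """Map each source address to the set of unknown usernames it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = INVALID_USER.search(line)
        if m:
            seen[m.group("src")].add(m.group("user"))
    return dict(seen)


def flag_enumeration(lines, min_distinct=4):
    """Return sources that tried at least min_distinct different unknown names.

    One mistyped name (a typo by a real user) stays below the threshold;
    a source walking through a list of candidate names does not.
    """
    by_src = invalid_users_by_source(lines)
    return {src: sorted(users) for src, users in by_src.items()
            if len(users) >= min_distinct}


if __name__ == "__main__":
    for src, users in flag_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {len(users)} distinct unknown usernames: {', '.join(users)}")
```

Counting distinct names rather than raw failures keeps a single user's repeated typo from triggering the alert.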


Written by

Michael Assraf
