36,000 WiFi hotspots are susceptible to hacking due to SSH errors

Experts have identified new risks for devices with faulty SSH implementations.

runZero researchers discovered numerous vulnerabilities in poorly protected or incorrectly implemented SSH services, an unexpected byproduct of their investigation into the backdoor in the XZ Utils data compression utility that was discovered in March.

The work began when runZero started looking into the mysterious figure allegedly responsible for introducing a backdoor into SSH servers, a certain Jia Tan. While analyzing the SSH protocol, the researchers found numerous long-standing problems in server deployments and in the SSH implementations of various devices, such as wireless access points, routers, and firewalls.

The vulnerabilities do not concern the SSH protocol itself, but its implementation in various devices. The researchers note that about 36,000 wireless access points are connected to the Internet, and at least 900 of them are still vulnerable.

Major vulnerabilities included:
  • Unauthenticated disclosure of information;
  • Unusual implementation of public key authentication;
  • Vulnerability to brute-force attacks.

The problems stem from old SSH features that have not been improved in recent years, leaving potential openings for attacks on Secure Shell servers. In one case, the researchers found a problem involving Git servers and their use of SSH that can lead to remote code execution and arbitrary access to the source code.

runZero has also developed SSHamble, a tool for testing SSH implementations for weaknesses that usually go unnoticed because nobody thinks to look for them.

At the Black Hat conference, runZero researchers presented a detailed report on their findings. The study showed that many devices remain vulnerable due to improper use of SSH. Apart from one of the discovered vulnerabilities (CVE-2024-41956), the researchers withheld details of the other flaws to prevent possible exploitation. So far there is no evidence that the vulnerabilities are being exploited in the wild, and several of them have already been fixed, although this has not yet been publicly reported.
