One of the largest sites using libssh is GitHub. However, security experts at the site have already stated that the vulnerability has not affected their work, since libssh is used there as an alternative SSH authentication method for corporate clients. If GitHub's libssh-based authentication had been vulnerable, an attacker could have gained access to the source code and intellectual property of the world's largest companies.
"We use a customized version of libssh. The libssh server does not use the SSH2_MSG_USERAUTH_SUCCESS string for public key authentication, for which we use this library. The fixes were installed out of an abundance of caution, but the GitHub Enterprise site was never vulnerable to CVE-2018-10933," the company tweeted.
Safety Tales: Airport Leak
Vladimir Bezmaly | 10/17/2018
That morning everything went as usual. Jim quickly got ready, drank coffee, kissed his daughter and ran to work. Luckily, work was very close and he could walk there. He always walked, especially since it only took about 15 minutes. He walked quickly down the street, but carefully looked under his feet so as not to trip.
Suddenly he saw a flash drive lying on the road. His first instinct was to pick it up. He spent the whole day wondering what was on it. But he didn't insert it into the corporate computer. He remembered how, at another training, the instructor had shown that this way you could not only infect the corporate network, but also simply burn out the computer completely. But still, what was on the flash drive?
Jim decided to stop by the public library on his way home.
- Good evening! How can I help you?
- Good evening! I would like to sit at your computer for an hour.
- Of course. Please come in. Here is your computer.
- Thank you!
After waiting for the clerk to leave, Jim pulled the flash drive out of his pocket and inserted it into the computer. The contents were not encrypted.
- Oh my god, what is this?
On the flash drive, Jim discovered a wealth of sensitive airport data, including the airport's patrol schedule, routes and security measures for cabinet members and foreign dignitaries, and the Emperor's travel plans.
At first he was even scared when he found out what exactly he had found. But after thinking about it, he realized that it was good that he had found the flash drive and not someone else, and decided to take it to the local newspaper.
The vulnerability is present only in the libssh server code. This means that a libssh-based SSH client installed on your computer will not allow an attacker to access your system unless the client is also configured as an SSH server.
There are no publicly available exploits for CVE-2018-10933 yet. But they are easy to create. So it is very likely that they will appear on the Internet in the coming days.
The vulnerability is present only