A vulnerability was found in libsshs server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libssh | Libssh | 0.6.0 (including) | 0.7.6 (excluding) |
Libssh | Libssh | 0.8.0 (including) | 0.8.4 (excluding) |