{"vulnerability": "CVE-2018-10933", "sightings": [{"uuid": "6d51faf5-4a55-4ffe-afaf-7c55234ccff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "MISP/5bc7610a-1830-4dbb-a13c-0cb90a021402", "content": "", "creation_timestamp": "2018-10-17T16:21:14.000000Z"}, {"uuid": "e1728b52-0099-4cb9-9b85-3cadd2ba73c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "exploited", "source": "https://www.exploit-db.com/exploits/46307", "content": "", "creation_timestamp": "2018-10-20T00:00:00.000000Z"}, {"uuid": "ba668c5a-c94c-49b4-9a51-1fe859b08c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "9415de85-5e2e-4592-8458-1d3f70bb5620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:03.000000Z"}, {"uuid": "2fccfd43-6691-4e37-b469-40e8232f2642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb", "content": "", "creation_timestamp": "2018-10-19T19:08:58.000000Z"}, {"uuid": "cf92b3c1-b923-466f-88b9-45c40226974e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "Telegram/AYjypq9TrL8W2-jaBfft0eKcopILEbguaFc8w_RkNOIsbN0", "content": "", "creation_timestamp": "2025-11-30T14:31:12.000000Z"}, {"uuid": "7d330358-80bb-4839-af1c-76e7cccf16aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://sploitus.com/exploit?id=6AA1FE5A-D4DC-53DB-A337-A8A9EF6A70E3", "content": "", "creation_timestamp": "2025-10-23T19:01:47.000000Z"}, {"uuid": "fb1b7077-a0dd-4ee9-baba-8535c5acc956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/antichat/2365", "content": "#libssh #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 #exploit\n\n\u0413\u043e\u0432\u043e\u0440\u044f\u0442, \u044d\u0442\u043e \u0441\u043c\u0435\u0448\u043d\u043e. \u041f\u043e\u0445\u043e\u0436\u0435 \u043d\u0430 \u0442\u043e\n\n\u041e\u0447\u0435\u043d\u044c \u043c\u043e\u0434\u043d\u043e \u043d\u044b\u043d\u0447\u0435 \u043f\u0440\u043e libssh \u043f\u0438\u0441\u0430\u0442\u044c. \u0422\u0430\u043c \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 0.6 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u043e\u0434 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0438 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u0435\u0440\u0435\u043a\u043e\u0447\u0435\u0432\u0430\u043b \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u043f\u043e\u0441\u043b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f SSH2_MSG_USERAUTH_SUCCESS. \u0422\u0435\u043f\u0435\u0440\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0432\u043c\u0435\u0441\u0442\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u043e\u043c\u0435\u0440 CVE-2018-10933. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 0.8.4 \u0438 0.7.6.\n\nlibssh \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b, \u0430 \u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043d\u0435 \u0442\u0430\u043a \u0443\u0436 \u0438 \u043c\u043d\u043e\u0433\u043e. \u041e\u0434\u0438\u043d \u0438\u0437 \u0437\u043d\u0430\u0447\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u0433\u0434\u0435 libssh \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430, - GitHub Enterprise - \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0442\u0430\u043a \u043a\u0430\u043a libssh \u0432 \u043d\u0435\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u0430.\n\n\u041d\u0443 \u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u043d \u0436\u0435 PoC, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0448\u0435\u043b\u043b \u043f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \"\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\": https://www.openwall.com/lists/oss-security/2018/10/17/5", "creation_timestamp": "2018-10-18T08:56:21.000000Z"}, {"uuid": "300452a8-c844-4012-abfb-dfa70d914875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "Telegram/umR72Wjdprt68hr6EnnbEm5mDMVWC1X7nWKs71oOzJ5W8-Q", "content": "", "creation_timestamp": "2025-10-23T23:00:10.000000Z"}, {"uuid": "06364028-e475-475d-972b-8b4260e962c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "exploited", "source": "https://t.me/BleepingComputer/3914", "content": "Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now\n\nLast week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...]\n\nhttps://www.bleepingcomputer.com/news/security/libssh-cve-2018-10933-scanners-and-exploits-released-apply-updates-now/", "creation_timestamp": "2018-10-22T22:45:05.000000Z"}, {"uuid": "03efa7d9-46df-4f2e-9002-282415007cb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/ics_cert/378", "content": "\u0647\u0634\u062f\u0627\u0631 \u062f\u0631 \u062e\u0635\u0648\u0635 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2018-10933 \u062f\u0631 Hitachi ABB Power Grids \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f. \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0646\u0633\u0628\u062a \u0628\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0627\u0642\u062f\u0627\u0645 \u0634\u0648\u062f. \n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u0627\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644:\nadmin@ics-cert.ir\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti\n\u0648\u0628\u0633\u0627\u06cc\u062a:\nhttps://ics-cert.ir", "creation_timestamp": "2021-01-08T14:37:41.000000Z"}, {"uuid": "91473837-25c1-4949-be15-24596bd65f8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "Telegram/17sx7vfyYyw5cNVTNyrGtWFmcDoHLeuKbaDi91L36vhy8Ec", "content": "", "creation_timestamp": "2025-07-07T21:00:04.000000Z"}, {"uuid": "428ef5a8-da60-4a87-af29-781ec0844f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/2468", "content": "1. \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043e\u043f\u0440\u043e\u0441\u0430, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u043b\u044e\u0434\u0438, \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435\u0441\u044f WhatsApp, \u043d\u0435 \u0437\u043d\u0430\u044e\u0442, \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0438\u0442 Facebook\nhttps://spreadprivacy.com/facebook-whatsapp/\n\n(https://alexmak.net/wp-content/uploads/2018/10/facebook-whatsapp-v2-1.png)\n\n2. \u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c, \u0435\u0441\u043b\u0438 \u0432\u0430\u0448 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u0441\u0440\u0435\u0434\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u043c \u0432\u0437\u043b\u043e\u043c\u043e\u043c Facebook\nhttps://www.eff.org/deeplinks/2018/10/what-do-if-your-account-was-caught-facebook-breach\n\n3. \u0441\u0442\u0440\u0430\u043d\u0438\u0447\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2018-10933 \u2014\u00a0\u0442\u043e\u0439 \u0441\u0430\u043c\u043e\u0439, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0435\u0439 libssh. \u0442\u0430\u043c \u0436\u0435 Docker-\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u043e\u0432\nhttps://github.com/hackerhouse-opensource/cve-2018-10933\n\n4. \u043a\u0441\u0442\u0430\u0442\u0438, \u043e GitHub. \u0422\u0435\u043f\u0435\u0440\u044c \u0442\u0430\u043c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f Security Alerts \u0434\u043b\u044f \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432 Java/.Net (\u044d\u0442\u043e \u043a\u043e\u0433\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439). \nhttps://www.zdnet.com/article/github-security-alerts-now-support-java-and-net-projects/", "creation_timestamp": "2018-10-19T17:22:44.000000Z"}, {"uuid": "ceff5458-082b-4cf2-aa64-7c672d603887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/cybershit/409", "content": "#libssh #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 #exploit\n\n\u0413\u043e\u0432\u043e\u0440\u044f\u0442, \u044d\u0442\u043e \u0441\u043c\u0435\u0448\u043d\u043e. \u041f\u043e\u0445\u043e\u0436\u0435 \u043d\u0430 \u0442\u043e\n\n\u041e\u0447\u0435\u043d\u044c \u043c\u043e\u0434\u043d\u043e \u043d\u044b\u043d\u0447\u0435 \u043f\u0440\u043e libssh \u043f\u0438\u0441\u0430\u0442\u044c. \u0422\u0430\u043c \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 0.6 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u043e\u0434 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0438 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u0435\u0440\u0435\u043a\u043e\u0447\u0435\u0432\u0430\u043b \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u043f\u043e\u0441\u043b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f SSH2_MSG_USERAUTH_SUCCESS. \u0422\u0435\u043f\u0435\u0440\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0432\u043c\u0435\u0441\u0442\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u043e\u043c\u0435\u0440 CVE-2018-10933. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 0.8.4 \u0438 0.7.6.\n\nlibssh \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b, \u0430 \u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043d\u0435 \u0442\u0430\u043a \u0443\u0436 \u0438 \u043c\u043d\u043e\u0433\u043e. \u041e\u0434\u0438\u043d \u0438\u0437 \u0437\u043d\u0430\u0447\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u0433\u0434\u0435 libssh \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430, - GitHub Enterprise - \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0442\u0430\u043a \u043a\u0430\u043a libssh \u0432 \u043d\u0435\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u0430.\n\n\u041d\u0443 \u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u043d \u0436\u0435 PoC, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0448\u0435\u043b\u043b \u043f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \"\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\": https://www.openwall.com/lists/oss-security/2018/10/17/5", "creation_timestamp": "2018-10-18T16:42:47.000000Z"}, {"uuid": "7b8e8b59-5d74-49e0-8157-00777f06fff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/92", "content": "#exploit\n1. CVE-2018-10933:\nlibssh authentication bypass, a vulnerable Docker container that listens on port 2222 for exploitation\nhttps://github.com/hackerhouse-opensource/cve-2018-10933\n]-> PoC: https://gist.github.com/mlosapio/2062ebf943485a7289d226e0d00498e7\n\n2. CVE-2018-4878:\nFLASH 0-day\nhttps://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878\n]-> PoC: https://mp.weixin.qq.com/s/F2N04exaW8QO1IeHRZgmfg", "creation_timestamp": "2023-02-15T22:29:55.000000Z"}, {"uuid": "92caa861-cebf-4b5d-8528-30b8033a83db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/arpsyndicate/1173", "content": "#ExploitObserverAlert\n\nCVE-2018-10933\n\nDESCRIPTION: Exploit Observer has 110 entries related to CVE-2018-10933. A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.\n\nFIRST-EPSS: 0.111640000\nNVD-IS: 5.2\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T09:56:06.000000Z"}, {"uuid": "bdbc7e65-24a1-4c3a-9033-a7c2da3fdb6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/3455", "content": "\u041d\u0430 \u043c\u0438\u043d\u0443\u0432\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 SecurityLab \u043f\u0438\u0441\u0430\u043b \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2018-10933 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Libssh, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0441 \u043b\u0435\u0433\u043a\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0438\u043b\u0438 \u0441\u0430\u0439\u0442\u043e\u043c. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 libssh 0.7.6 \u0438 0.8.4.     \n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Libssh", "creation_timestamp": "2018-10-23T09:04:31.000000Z"}, {"uuid": "dcb32f76-0ebc-4b23-825e-fc5b1dc13202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/4124", "content": "RT @BleepinComputer: Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now - by @LawrenceAbrams\nhttps://t.co/FPdQkBIkuC http://twitter.com/BleepinComputer/status/1055582528080408576", "creation_timestamp": "2018-10-26T00:13:31.000000Z"}, {"uuid": "e813a45c-1f29-4b17-ae99-2a832715fe57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/ctinow/3980", "content": "Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now - by @LawrenceAbrams\nhttps://t.co/FPdQkBIkuC http://twitter.com/BleepinComputer/status/1054500494742351873", "creation_timestamp": "2018-10-23T00:36:09.000000Z"}, {"uuid": "450a2e5f-1f70-4a9a-95d0-56128e7d15cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/ctinow/3762", "content": "LibSSH Flaw Allows Hackers to Take Over Servers Without Password A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.\n\nThe security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in", "creation_timestamp": "2018-10-17T12:43:28.000000Z"}, {"uuid": "ceae6ffb-ba88-475f-838e-65ddad65e821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/information_security_channel/21258", "content": "This is an important security and maintenance release in order to address CVE-2018-10933.\n\nlibssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.\n\nThe bug was discovered by Peter Winter-Smith of NCC Group.\n\nhttps://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/", "creation_timestamp": "2018-10-16T20:19:51.000000Z"}, {"uuid": "eecf362c-26e7-4234-9151-646727f622fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/21667", "content": "Libssh-Scanner : Script to identify hosts vulnerable to CVE-2018-10933\nhttps://kalilinuxtutorials.com/libssh-scanner-vulnerable-cve-2018-10933/\n\nLibssh-Scanner is a python based script to identify hosts vulnerable to CVE-2018-10933. Libssh scanner has two modes: passive (banner grabbing) and aggressive (bypass auth) to validate vulnerability\u2019s existence. By default, libssh scanner uses passive mode but supply the -a argument and aggressive mode will be used which provides more accurate results. Also ReadNameles \u2013 Open [\u2026]\nThe post Libssh-Scanner : Script to identify hosts vulnerable to CVE-2018-10933 (https://kalilinuxtutorials.com/libssh-scanner-vulnerable-cve-2018-10933/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).", "creation_timestamp": "2018-10-31T04:11:02.000000Z"}, {"uuid": "763dbab2-7dac-4f52-aae7-acb0660f9871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/110", "content": "\u26a1Ridiculously \"Simple to Exploit\" LibSSH Authentication Bypass Flaw (CVE-2018-10933) Allows Attackers to Take Over Vulnerable Servers Without Requiring Passwords\n\nhttps://thehackernews.com/2018/10/libssh-ssh-protocol-library.html\n\n\ud83e\udd14HINT \u2192 Just Tell the Server You Have Successfully Logged-In, It Will Trust You!", "creation_timestamp": "2018-10-17T12:43:22.000000Z"}, {"uuid": "9ba669bf-21a2-4401-8df8-8e9950424738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "seen", "source": "https://t.me/canyoupwnme/4592", "content": "Authentication bypass in server code\nhttps://www.libssh.org/security/advisories/CVE-2018-10933.txt", "creation_timestamp": "2018-10-18T11:15:30.000000Z"}, {"uuid": "05325930-71ed-4fb3-8330-2d6379aa2d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10933", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/4610", "content": "Libssh Authentication Bypass Vulnerability Exploit (CVE-2018-10933)\nhttp://www.vulnspy.com/en-libssh-authentication-bypass-cve-2018-10933/libssh_authentication_bypass_vulnerability_exploit_(cve-2018-10933)/", "creation_timestamp": "2018-10-20T14:06:58.000000Z"}]}