SSH Access Vulnerabilities Result of Poor Implementation

If you expect secure socket shell-based (SSH) access to be inherently safe, guess again, says an article in The Register. Security researchers found many SSH access vulnerabilities stemming from poorly secured or implemented services. 

The security firm runZero discovered the issues accidentally while two company researchers searched for the individual responsible for the xz backdoor in certain SSH server deployments. They didn’t find him, she, or it, but they discovered issues aplenty in SSH. 

About 36,000 wireless access points could be connected to the Internet, and at least 900 of those are vulnerable. Other problems include unusual implementation of public key authentication and default exposure to brute force attacks. 

The issues were not with the protocol. According to runZero, issues were related to “server-side deployments and implementations in wireless access points, routers, firewalls, and other stuff you would hope would be secure yet apparently are not.”

The good news is that they found no specific SSH access vulnerabilities in two of the most popular SSH client servers. The problem is that vulnerabilities arise because products using the servers are misused.

The researchers are unaware of any exploitation of the issues, several of which have been patched. The article explains how to get a tool to test SSH implementations for unnoticed vulnerabilities.