Fluid Attacks Database

Description

AsyncSSH SSH Server Authentication Bypass The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	asyncssh	>=0 <1.12.1	1.12.1
debian 13	python-asyncssh	>=0 <1.12.1-1	1.12.1-1
debian 14	python-asyncssh	>=0 <1.12.1-1	1.12.1-1
debian 11	python-asyncssh	>=0 <1.12.1-1	1.12.1-1
debian 12	python-asyncssh	>=0 <1.12.1-1	1.12.1-1

Aliases

1. CVE-2018-77492. NVD-2018-77493. OSV-2018-77494. OSV-DEBIAN-2018-77495. GCVE-2018-77496. SECURITY-TRACKER-CVE-2018-7749

References

1. https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a2. https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba43. https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2018-108.yaml4. https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.