-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for openssh-client | Breaking Cybersecurity News | The Hacker News

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

Jan 15, 2016
A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks. What Causes the Flaw to occur? The serious bug was actually the result of a code that enables an experimental " roaming " feature in the OpenSSH versions 5.4 to 7.1 in order to let users resume connections. However, The roaming feature contains two different vulnerabilities: An information sharing flaw ( CVE-2016-0777 ) A less harmless buffer overflow flaw ( CVE-2016-0778 ) The vulnerability does not have any catchy name like some previous OpenSSH flaws. Impact of the Vulnerability This new feature can be exploited by hackers, who could use a malicious OpenSSH server to trick a...
36-Year-Old SCP Clients' Implementation Flaws Discovered

36-Year-Old SCP Clients' Implementation Flaws Discovered

Jan 15, 2019
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a local host and a remote host using RCP (Remote Copy Protocol) and SSH protocol. In other terms, SCP, which dates back to 1983, is a secure version of RCP that uses authentication and encryption of SSH protocol to transfer files between a server and a client. Discovered by Harry Sintonen, one of F-Secure's Senior Security Consultants, the vulnerabilities exist due to poor validations performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle (MiTM) attackers to drop or overwrite arbitrary files on the client's system. "Many scp clients fail to ver...
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Feb 18, 2025 Vulnerability / Network Security
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8)  - The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it (Introduced in December 2014) CVE-2025-26466 (CVSS score: 5.9) - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption (Introduced in August 2023) "If an attacker can perform a man-in-the-middle a...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

Jun 30, 2011
OpenSSH 3.5p1 Remote Root Exploit for FreeBSD OpenSSH 3.5p1 Remote Root Exploit for FreeBSD has been shared by kcope on twitter . The Released note is as given below : OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Discovered and Exploited By Kingcope Year 2011 -- The last two days I have been investigating a vulnerability in OpenSSH affecting at least FreeBSD 4.9 and 4.11. These FreeBSD versions run OpenSSH 3.5p1 in the default install. The sshd banner for 4.11-RELEASE is "SSH-1.99-OpenSSH_3.5p1 FreeBSD-20060930". A working Remote Exploit which spawns a root shell remotely and previous to authentication was developed. The bug can be triggered both through ssh version 1 and ssh version 2 using a modified ssh client. During the investigation of the vulnerability it was found that the bug resides in the source code file "auth2-pam-freebsd.c". http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/Attic/auth2-pam-freebsd.c This file does not exist in Fre...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

Feb 17, 2020
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements. First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators , and the second, it has deprecated SSH-RSA public key signature algorithm and planned to disable it by default in the future versions of the software. FIDO (Fast Identity Online) protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along ...
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

Jul 01, 2024 Linux / Vulnerability
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component , also known as sshd, which is designed to listen for connections from any of the client applications. "The vulnerability, which is a signal handler race condition in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems," Bharat Jogi, senior director of the threat research unit at Qualys, said in a disclosure published today. "This race condition affects sshd in its default configuration." The cybersecurity firm said it identified no less than 14 million potentially vulnerable OpenSSH server instances exposed to the internet, adding it's a regression of an already pa...
Microsoft Plans to Add Secure Shell (SSH) to Windows

Microsoft Plans to Add Secure Shell (SSH) to Windows

Jun 03, 2015
Until now Unix and Linux system administrators have to download a third-party SSH client software like Putty on their Windows machines to securely manage their machines and servers remotely through Secure Shell protocol or Shell Session (better known as SSH ). This might have always been an awkward feature of Windows platform, as it lacks both – a native SSH client software for connecting to Linux machines, and an SSH server to support inbound connections from Linux machines. But… Believe it or not: You don't need to deal with any third-party SSH client now, as Microsoft is working on supporting OpenSSH. Yes, Microsoft has finally decided to bring OpenSSH client and server to Windows. The PowerShell team at Microsoft has announced that the company is going to support and contribute to OpenSSH community in an effort to deliver better SSH support in the PowerShell and Windows SSH software solutions. So, the upcoming version of Windows PowerShell – the co...
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

Jan 01, 2024 Encryption / Network Security
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell ( SSH ) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called  Terrapin  ( CVE-2023-48795 , CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix truncation attack." "By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it," researchers Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk  said . SSH is a  method  for securely sending commands to a computer over an unsecured network. It relies on cryptography to authenticate and encrypt connections between devices. This is accomplished by means of a handshake in which a client and server agree up...
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

Feb 06, 2023 Authentication / Vulnerability
The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as  CVE-2023-25136 , the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its  release notes  on February 2, 2023. Credited with  reporting  the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas. OpenSSH is the open source implementation of the secure shell ( SSH ) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture. "The exposure occurs in the chunk of memory freed twice, the 'options.kex_algorithms,'" Saeed Abbasi, manager of vulnera...
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Jul 24, 2023 Linux / Network Security
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys,  said  in an analysis last week. The vulnerability is being tracked under the CVE identifier  CVE-2023-38408  (CVSS score: N/A). It impacts all versions of OpenSSH before  9.3p2 . OpenSSH is a popular connectivity tool for remote login with the SSH protocol that's used for encrypting all traffic to eliminate eavesdropping, connection hijacking, and other attacks. Successful exploitation requires the presence of certain libraries on the victim system and that the SSH authentication agent is  forwarded  to an attacker-controlled system. SSH agent is a  background program  that ...
PuTTY v.0.61 New Version released After 4 years

PuTTY v.0.61 New Version released After 4 years

Jul 14, 2011
PuTTY v.0.61  New Version   released  After 4 years After four Years, Putty's New version finally Released today.Here are the PuTTY files themselves: PuTTY (the Telnet and SSH client itself) PSCP (an SCP client, i.e. command-line secure file copy) PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP) PuTTYtel (a Telnet-only client) Plink (a command-line interface to the PuTTY back ends) Pageant (an SSH authentication agent for PuTTY, PSCP, PSFTP, and Plink) PuTTYgen (an RSA and DSA key generation utility). These features are new in beta 0.61 Kerberos/GSSAPI authentication in SSH-2. Local X11 authorisation support on Windows. (Unix already had it, of course.) Support for non-fixed-width fonts on Windows. GTK 2 support on Unix. Specifying the logical host name independently of the physical network address to connect to. Crypto and flow control optimisations. Support for the zlib@openssh.com SSH-2 compression method. Support for new Wind...
Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

Jul 06, 2017
WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak , this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu. Both implants steal user credentials for all active SSH sessions and then sends them to a CIA-controlled server. BothanSpy — Implant for Windows OS BothanSpy is installed as a Shellterm 3.x extension on the target machine and only works if Xshell is running on it with active sessions. Xshell is a powerful terminal emulator that supports SSH, SFTP, ...
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

Aug 12, 2024 Cybersecurity / Network Security
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589 , carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. "A signal handler in sshd(8) may call a logging function that is not async-signal-safe," according to an advisory released last week. "The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges." OpenSSH is an implementation of the secure shell (SSH) protocol suite, providing encrypted and authenticated transport for a variety of services, including remote shell access. CVE-2024-7589 has been described as "another instance...
How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

Jul 13, 2017
WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak , this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones. However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool. But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used. Explained: How CIA Highrise Project Works In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, ...
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Jul 10, 2024 Vulnerability / Network Security
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 and 8.8p1 shipped with Red Hat Enterprise Linux 9. Security researcher Alexander Peslyak, who goes by the alias Solar Designer, has been credited with discovering and reporting the bug, which was found during a review of CVE-2024-6387 after the latter was disclosed by Qualys earlier this month. "The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process," Peslyak said . "So the immediate impact is lower. However, there may be differenc...
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Dec 09, 2024 Threat Intelligence / Malware
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics , distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7 said . "After the email bomb, the threat actor will reach out to the impacted users." As observed back in August, the attackers make initial contact with prospective targets on Microsoft Teams, pretending to be support personnel or IT staff of the organization. In some instances, they have also been observed impersonating IT staff members within the targeted organization. Users who end up interacting with the threat actors are urged to install legitimate remote access software such as AnyDesk, ScreenConnect, TeamViewer, and Microsoft's Quick Assist. The Window...
New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

Jun 23, 2023 Cryptocurrency / IoT
Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or  said . "The backdoor also installs a patched version of OpenSSH on affected devices, allowing threat actors to hijack SSH credentials, move laterally within the network, and conceal malicious SSH connections." To pull off the scheme, misconfigured Linux hosts are brute-forced to gain initial access, following which the threat actors move to disable shell history and fetch a trojanized version of OpenSSH from a remote server. The rogue OpenSSH package is configured to install and launch the backdoor, a shell script that allows the attackers to distribute additional payloads a...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources