freeSSHD-like vulnerabilities in wodSSHServer - WeOnlyDo Discussion board

freeSSHD-like vulnerabilities in wodSSHServer (wodSSHServer)

by Krupashankar S, Thursday, February 04, 2016, 08:56 (659 days ago)

Does the SSH Server component suffer any of the following vulnerabilities that were present in freeSSHD? If so, what is the mitigation option.

1) FreeSSHd Authentication bypass (20121201)
2) SSH protocol version 1 detected
3) SSH v1 Session Key Retrieval (20010918)

I presume for #2 and #3, using only SSH v2 authentication ( ProtocolsEnum.SSH2) is the solution. Is this correct? How about the first one, authentication bypass vulnerability?

The version of SSH Server component in question is 2.2.9.381.

freeSSHD-like vulnerabilities in wodSSHServer

by Jasmine, Thursday, February 04, 2016, 12:46 (659 days ago) @ Krupashankar S

Hi.

As far as I know, wodSSHServer does not have any open vulnerabilities, all of those are fixed as they are reported.

freeSSHd does use wodSSHServer, but depends on when it's updated, it doesn't update regularly.

As for you specific version, it's from May 2012. I really don't know if it contains those fixes or not. I can only suggest to update to latest version.

I hope this helps!
Jasmine.