CVE-2018-7749
CRITICAL
AsyncSSH < 1.12.1 - Unauthenticated Authentication Bypass
Title source: llm
Description
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
Third Party Advisory x_refsource_confirm
https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
Scores
CVSS v3
9.8
EPSS
0.0178
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
asyncssh_project/asyncssh
< 1.12.1
pypi/AsyncSSH
0 - 1.12.1
PyPI
Published
Mar 12, 2018
Tracked Since
Feb 18, 2026