CVE-2018-7749
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
12/03/2018
Last modified:
17/06/2026
Description
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* | 1.12.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
- https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
- https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
- https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ



