runZero Research Uncovers Surprising Exposures in SSH Affecting Critical Network Security Devices and Applications
07 August 2024 - 12:00AM
Business Wire
Company Unveils New Research and Introduces
SSHamble, an Open Source Research Tool That Identifies Vulnerable
SSH Implementations
runZero, a leading provider of Cyber Asset Attack Surface
Management (CAASM), published new research on Secure Shell (SSH)
exposures and unveiled a corresponding open source tool, SSHamble,
which helps security teams validate SSH implementations by testing
for uncommon, but dangerous misconfigurations and software bugs.
SSHamble is now available at https://sshamble.com.
During their presentation at the Black Hat USA Conference,
“Secure Shell in Shambles,” founder and CEO HD Moore and Director
of Research Rob King, shared that the research was prompted by the
xz-utils backdoor incident and their investigation into “Jia Tan,”
the persona used by likely nation-state actors to plant malicious
code into the xz-utils compression utility integrated into many
Linux distributions. Activities intended to aid in response to the
incident led runZero’s research team to discover a broad range of
weaknesses across SSH implementations and applications that impact
critical network security devices and software. These long standing
issues have remained undiscovered due to the lack of tooling
available to exercise the layers of the SSH protocol.
As one of the most common remote administration services, SSH is
widespread; it is found in every major operating system, embedded
in many applications, and enabled by default in cloud environments.
runZero’s research team uncovered new SSH authentication bypass
issues, information leaks, and misconfigurations. SSH
vulnerabilities were also identified in various products, including
a significant regression in OpenSSH for Microsoft Windows.
Additional SSH vulnerabilities were identified in Digi
International ICS gateways, Panasonic ethernet switches,
Realtek-based ADSL routers, Ruckus wireless access points, common
Git-based development tools like Soft Serve and GOGS, and various
consumer-focused networking equipment. In some cases, vendors have
made patches available.
“Our research uncovered over fifty thousand unauthenticated
shells and misconfigurations, posing widespread risk,” said HD
Moore. “We developed SSHamble as an open source project to help
security professionals identify SSH exposures and misconfigurations
and enable vendors to test their appliances and tooling before they
ship. runZero’s mission is to enhance security visibility, improve
exposure management, and speed up response times. We are excited to
offer this free tool in support of these efforts.”
SSHamble simulates potential attack scenarios, including
unauthorized remote access due to unexpected state transitions,
remote command execution in post-session login implementations, and
information leakage through unlimited high-speed authentication
requests. The SSHamble interactive shell provides raw access to SSH
requests in the post-session (but pre-execution) environment,
allowing for simple testing of environment controls, signal
processing, port forwarding, and more.
Additional Resources:
- Join runZero Hour Episode 9 to see a demo of SSHamble
- Get the open source SSHamble tool
- Visit the runZero website
- Start a free trial of runZero
About runZero
runZero delivers the most complete security visibility possible,
providing organizations the ultimate foundation for successfully
managing risk and exposure. Rated number one on Gartner Peer
Insights, their leading cyber asset attack surface management
(CAASM) platform starts delivering insights in literally minutes,
with coverage for both managed and unmanaged devices across the
full spectrum of IT, OT, IoT, cloud, mobile, and remote assets.
With a world-class NPS score of 82, runZero has been trusted by
more than 30,000 users to improve security visibility since the
company was founded by industry veteran HD Moore.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240807135690/en/
Susan Torrey runZero Corporate Communications
susan.torrey@runzero.com