CVE-2018-10933

Question

CVE-2018-10933

Closed this issue 6 years ago · 1 comments

I noticed that ssh-honepot use libssh. Is it secure?

Answer 1 · 2018-10-25T15:30:01.000Z

Yes, this project uses libssh.

I do not believe this is vulnerable to CVE-2018-10933. Clients don't authenticate to this in the traditional sense, and ssh channels aren't opened with this software. It merely logs the usernames/passwords tried. People using this can recompile it after patching libssh for this vulnerability; it is statically linked by default.

As for your question "Is it secure?"; who knows? Like all software, there are probably some bugs present. If there are, I don't know about them. As with all of my projects, bug reports and PRs are welcome.