How to find Go SSH servers on your network

|
Updated

Go SSH potential authentication bypass (CVE-2024-45337) #

On December 11th, 2024, the Go Security Team disclosed a potential vulnerability in the Go standard library's implementation of SSH, discovered by the Platform.sh Engineering Team.

The issue, assigned CVE-2024-45337, could result in an authentication bypass or potentially incorrect permissions granted to a remote user when connecting to the SSH server. The issue stems from a common usage pattern of the library, which does not verify or report which of multiple SSH public keys were used for authentication to a server.

Note that this is a vulnerability in the Go standard library's implementation, and thus any product using the standard library to construct an SSH server could be vulnerable. Approximately 19,000 publicly-accessible projects import the relevant package.

Are any updates or workarounds available?

The Go Project has released a new version of Go that partially addresses the issue by making the commonly-misused programming pattern less likely to be used, and offered guidance to programmers on how to more safely use the library.

How to find potentially vulnerable systems with runZero

Because the vulnerable SSH implementation is generally embedded inside other applications, it is not generally possible to determine by filesystem or software examination if the the server is in use. However, runZero's direct scanning of asset services provides a reliable and powerful mechanism to detect what SSH implementations are listening on your network.

From the Software Inventory you can use the following query to locate potentially vulnerable systems:

product:="Go SSH"

Written by Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

More about Rob King
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find BeyondTrust appliances on your network
BeyondTrust disclosed that affects their Privileged Remote Access (PRA) and Remote Support (RS) products. This has also been added to the CISA KEV...
Rapid Response
How to find BIND services
ISC disclosed that authoritative servers may experience assertion failures or other unexpected events when using DNSSEC-signed zones using NSEC3.
Rapid Response
How to find Cleo Harmony, LexiCom, and VLTransfer installations on your network
Cleo Software has disclosed CVE-2024-50623 affecting installations of Cleo Harmony, VLTransfer, and LexiCom on your network. Here's how to find...
Rapid Response
How to find Cisco NX-OS assets on your network
Cisco has released an advisory for a vulnerability found within their NX-OS software. Here's how to find affected assets.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved