Go SSH Library Authorization Bypass via Callback Type Confusion
A regression in golang.org/x/crypto/ssh allows attackers to bypass source-address validation by invoking non-public-key callbacks, circumventing the CVE-2024-45337 fix. This enables unauthorized SSH access in misconfigured servers.
CVE References
Affected
Vulnerability Description
This vulnerability represents a callback type-confusion flaw in the Go SSH library's authorization enforcement mechanism. The root cause stems from incomplete validation logic in the VerifiedPublicKeyCallback handler—when alternative callback types (non-public-key authentication methods) are registered, the source-address validation layer is entirely skipped. This is a regression against the prior CVE-2024-45337 remediation, indicating the original fix was narrowly scoped and left control-flow gaps. The impact is authentication bypass: an attacker on an unauthorized network can authenticate via alternative methods (password, keyboard-interactive, etc.) to SSH servers that rely on public-key-only policies enforced through source-address restrictions.
Proof-of-Concept Significance
A PoC demonstrating this vulnerability would likely show that invoking an alternative callback (e.g., keyboard-interactive authentication) on a server configured with VerifiedPublicKeyCallback successfully bypasses network-level source restrictions. The reliability is high because the flaw is in the core callback dispatch logic—any misconfigured server with multiple authentication methods enabled will be vulnerable. The precondition is that the server must register both a VerifiedPublicKeyCallback AND support alternative authentication methods; the vulnerability activates when a non-public-key method is attempted first.
Detection Guidance
Defenders should monitor: (1) SSH authentication logs showing successful non-public-key authentications from unexpected source IPs on systems intended for public-key-only access; (2) Rapid authentication attempts cycling through different methods (keyboard-interactive, password) followed by successful login; (3) Git commits or configuration changes to SSH server setups that add alternative callback handlers alongside VerifiedPublicKeyCallback; (4) golang.org/x/crypto/ssh library versions < patched version in dependency manifests (go.mod, vendor directories). YARA rules should flag Go binaries with ssh callback registration patterns where fallback handlers coexist with verified-key callbacks.
Mitigation Steps
Immediate: Update golang.org/x/crypto to the patched version once released (monitor GitHub advisories for fix release). Configuration: On affected systems, disable alternative SSH authentication methods—restrict sshd/Go SSH server config to public-key-only authentication until patched. Architecture: Enforce source-IP restrictions at network layer (firewall rules, security groups) independent of application-level callbacks as defense-in-depth. Testing: Audit SSH server configurations to ensure callbacks are mutually exclusive and source validation is not callback-type dependent.
Risk Assessment
Likelihood of exploitation is high in the wild because: (1) the vulnerability affects widely-used Go SSH libraries; (2) misconfiguration (multiple auth methods + public-key callback) is common in legacy systems; (3) exploitation requires only standard SSH client tooling—no exotic payloads. Threat actors conducting infrastructure reconnaissance or targeted access campaigns will prioritize this quickly. Organizations running Go-based SSH servers (internal tools, container registries, CI/CD systems) are at elevated risk. The 60-day window between initial CVE-2024-45337 fix and this regression discovery suggests the attack surface was incompletely mitigated.
Sources