file-ssh-unrestricted-nonwhitelist: Unrestricted SSH Access from Non-Whitelisted IPs

日期: 2025-08-01 | 影响软件: file ssh unrestricted nonwhitelist | POC: 已公开

漏洞描述

SSH access is not restricted to specific IP addresses, allowing connections from any source. This increases the risk of unauthorized access and brute-force attacks.

PoC代码[已公开]

id: file-ssh-unrestricted-nonwhitelist

info:
  name: Unrestricted SSH Access from Non-Whitelisted IPs
  author: pussycat0x
  severity: unknown
  description: |
    SSH access is not restricted to specific IP addresses, allowing connections from any source. This increases the risk of unauthorized access and brute-force attacks.
  remediation: |
    Restrict SSH to specific IPs in /etc/ssh/sshd_config by setting ListenAddress <trusted-IP> and restarting the SSH service.
  reference:
    - https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
    - https://www.cyberciti.biz/tips/howto-openssh-sshd-listen-multiple-ip-address.html
  metadata:
    verified: true
  tags: audit,config,file,ssh

file:
  - extensions:
      - all

    matchers:
      - type: word
        words:
          - "#ListenAddress"
# digest: 4a0a00473045022065771ef7cf458bc76abc58c0e2640f8a63ac7dd04f2f10eaffa252e1974fba0f022100f4be80a705aa942650d077d3da0c9639e5b2180181a96bbae70f343b86d79b34:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/ssh/file-ssh-ip-whitelist.yaml