CVE-2024-48460
📋 TL;DR
A vulnerability in Eugeny's Tabby terminal emulator, version 1.0.213, allows a remote attacker operating a malicious SSH server to capture SSH credentials from connecting clients. The client sends the username and password even when host key verification fails, so the credentials reach whoever controls the server. Users of Tabby 1.0.213 who connect to SSH servers are affected.
💻 Affected Systems
- Eugeny Tabby
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
SSH credentials are captured by a malicious server operator, leading to unauthorized access to SSH-protected systems and potential lateral movement.
Likely Case
Credentials exposed to man-in-the-middle attackers or malicious servers, resulting in compromised SSH accounts.
If Mitigated
No credential exposure if proper host key verification is enforced or connections are limited to trusted servers.
🎯 Exploit Status
Exploitation requires user interaction (connecting to server) and a malicious SSH server that fails host key verification.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.214 or later
Vendor Advisory: https://github.com/Eugeny/tabby/issues/9955
Restart Required: Yes
Instructions:
1. Open Tabby.
2. Go to Settings > Updates.
3. Check for updates and install version 1.0.214 or newer.
4. Restart Tabby.
🔧 Temporary Workarounds
Disable SSH connections in Tabby
Prevent SSH connections through Tabby until patched.
Use alternative SSH client
Use native SSH clients (OpenSSH, PuTTY) instead of Tabby for SSH connections.
🧯 If You Can't Patch
- Only connect to trusted SSH servers with verified host keys
- Monitor SSH connections for unexpected authentication failures
🔍 How to Verify
Check if Vulnerable:
Check Tabby version in Settings > About. If version is exactly 1.0.213, you are vulnerable.
Check Version:
On Tabby: Open Settings > About tab
Verify Fix Applied:
Verify Tabby version is 1.0.214 or newer in Settings > About.
📡 Detection & Monitoring
Log Indicators:
- Failed SSH host key verification followed by successful authentication
- SSH connections to unknown/untrusted servers
Network Indicators:
- SSH connections from Tabby to servers with mismatched host keys
SIEM Query:
source="tabby" AND event="ssh_connection" AND (host_key_verification="failed" OR host_key_mismatch="true")
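As an added example (not code from this page or from the Tabby project), the log indicator above written as a small detection pass in Python over constructed client-side log lines. The key=value log format and the field names are assumptions; the rule flags any authentication attempt that follows a failed host key check in the same session, not only a successful one, because the credentials leave the client either way.

```python
import re
from collections import namedtuple

# Constructed sample log lines in an assumed key=value format (not Tabby's real log format).
# Session s2 is the pattern to catch: host key check failed, yet a password was sent.
SAMPLE_LOGS = """\
2024-10-01T10:00:01Z session=s1 host=10.0.0.5 event=host_key_verification result=ok
2024-10-01T10:00:02Z session=s1 host=10.0.0.5 event=auth method=password result=success
2024-10-01T10:05:10Z session=s2 host=203.0.113.9 event=host_key_verification result=failed reason=mismatch
2024-10-01T10:05:11Z session=s2 host=203.0.113.9 event=auth method=password result=success
2024-10-01T10:07:00Z session=s3 host=198.51.100.7 event=host_key_verification result=failed reason=mismatch
2024-10-01T10:07:01Z session=s3 host=198.51.100.7 event=disconnect reason=user_abort
"""

KV = re.compile(r"(\w+)=(\S+)")
Finding = namedtuple("Finding", "session host ts method result")


def parse_line(line):
    """Split one log line into its timestamp plus a dict of key=value fields."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def find_credential_leaks(log_text):
    """Return one Finding per authentication attempt that followed a failed
    host key verification in the same session (credentials sent to an
    unverified server). Sessions that disconnect after the failure are clean."""
    failed_hosts = {}   # session id -> host whose key check failed
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        sid = ev.get("session")
        if ev.get("event") == "host_key_verification" and ev.get("result") == "failed":
            failed_hosts[sid] = ev.get("host")
        elif ev.get("event") == "auth" and sid in failed_hosts:
            # Any auth attempt here means the client handed over credentials
            # despite not trusting the server's identity.
            findings.append(Finding(sid, failed_hosts[sid], ev["ts"],
                                    ev.get("method"), ev.get("result")))
    return findings


if __name__ == "__main__":
    for f in find_credential_leaks(SAMPLE_LOGS):
        print(f"credentials sent after failed host key check: session={f.session} host={f.host}")
```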