Security agents discover Open SSH security vulnerability in Israeli government DNS server

Security researcher Eitan Caspi recently examined the HTTPS site in the gov.il subdomain for security issues, and found an open Open SSH access on the Israeli government’s DNS server.

Using the online SSL inspector developed by Qualys, Eitan Caspi analyzed the SSL configuration on the server and eventually received a reply from one of the checked IP on port 22. SSH uses port 22, a service that allows administrators to connect to Linux servers, and Caspi says open access allows him to try to log on.

Eitan Caspi sent the discovery to the Israeli National Certification Centre on the same day, and ten minutes later, Eitan Caspi also managed to contact senior information technology officials of the Israeli Government and inform them of the details. A few hours later, the port was closed and the channel was blocked, according to Eitan Caspi.

However, after further analysis, he found that the server used an older version of OpenSSH, which is known for containing multiple vulnerabilities. The server is running OpenSSH 7.4p1, which was released in December 2016, and has been around for more than three years. Since then, OpenSSH has released multiple releases and a series of security fixes for various security issues, and these updates and fixes may not be installed on the server.

Security agents discover Open SSH security vulnerability in Israeli government DNS server