6

Was LibSSH created by noobs? "Let me in bro, the other guy already checked my ID." https://nakedsecurity.sophos.com/20...

Comments
  • 3
    Not quite the scenario. It's more like:
    "lemme in bro, you got your password right"
  • 1
    @netikras It's mind blowing that they can have such a gaping hole in such a sensitive thing.
  • 0
    @netikras And yes, I realize there's no "other guy". I was trying to compare it to walking into a club/bar and being like "I'm good bro, I've already been authenticated. I already showed my ID to someone else. Let me in." I guess a better, more accurate version would be "Let me in bro, remember? You already authenticated me". Kinda Star Wars force-ish lol. "These aren't the droids you're looking for, but yes, I'm the guy...let me in"
  • 2
    I can't think of what uses libSSH instead of OpenSSH anyway.
  • 0
    @Stebner55 Not really. The server should be the one sending _SU code. The server should not be accepting it in the first place.

    So it's not 'you have authenticated me'. It's more like 'I [the client] have auth'ed you [the server]'.

    Mistakes happen... You're not paying a penny to make it better, are you? You get the stuff for free. Let's cut some slack for them.

    This bug got noticed in an oss. Can you imagine the amount of critical bugs in paid sw? And whoever finds them keeps 'em for himself? Cuz what are the odds anyone would find them -- there's no src to analyze...
  • 1
    @netikras "Remember? You already authenticated me" could be "Remember? Here's what you sent me.". You're misinterpreting a vague joke just to argue. Let it go.
  • 2
    @Stebner55 All right, perhaps I'm just not getting it. Sorry. I'm a lil tripping - caught a cold, 39.5 temperature,... Sorry :)
  • 2
    @netikras Get some soup and sleep. Feel better.
  • 2
    @Stebner55 wifey's making some soup atm :) thx.
    She's da best!
  • 1
    ssh, let's not talk about it
  • 0
    @electrineer I vote yours as the best comment I've seen this week lol.