SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2023-51767

CVE-2023-51767: OpenSSH Auth Bypass Vulnerability

CVE-2023-51767 is an authentication bypass vulnerability in OpenSSH through version 10.0 that exploits row hammer attacks on DRAM. This article covers technical details, affected versions, impact, and available mitigations.

Updated:

CVE-2023-51767 Overview

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."

Critical Impact

This vulnerability allows potential authentication bypass if hardware is exploited under certain conditions.

Affected Products

  • openbsd openssh
  • fedoraproject fedora
  • redhat enterprise_linux

Discovery Timeline

  • 2023-12-24 - CVE CVE-2023-51767 published to NVD
  • 2025-11-04 - Last updated in NVD database

Technical Details for CVE-2023-51767

Vulnerability Analysis

This vulnerability exploits a weak point in the DRAM used to store authentication states. The integer value of authenticated is susceptible to row hammer attacks leading to authentication bypass.

Root Cause

The core issue lies in the hardware's inability to resist bit flips, which OpenSSH cannot inherently protect against.

Attack Vector

Local attack vector through user privileges allowing proximity for row hammer attacks.

c
// Example exploitation code (sanitized)
void example_attack() {
    // Use crafted inputs to influence DRAM errors
    hammer_bits(target_address);
}

Detection Methods for CVE-2023-51767

Indicators of Compromise

  • Unusual authentication attempts
  • Bit flip errors in memory logs
  • Unexplained successful authentications

Detection Strategies

Monitoring DRAM errors and authentication attempts, especially under unusual system load, can help identify potential exploitation attempts.

Monitoring Recommendations

Utilize hardware monitoring tools to detect memory errors indicative of row hammer activity. SentinelOne’s endpoint protection platform can uniquely identify unusual processes and privilege escalations resulting from such manipulation attempts.

How to Mitigate CVE-2023-51767

Immediate Actions Required

  • Limit access to vulnerable systems
  • Increase monitoring on systems susceptible to row hammer attacks
  • Educate users on privileged access risks

Patch Information

Currently, no software patch can address the hardware limitation. Continual updates from OpenBSD for potential software mitigations should be monitored.

Workarounds

Reconfigure systems to use DRAM models with built-in row hammer mitigations where possible. Implement hardware-level error-correction codes (ECC) to help protect against bit flips.

bash
# Example hardware configuration for mitigation
# Update DRAM settings to use ECC
modify-bios --set-ecc --enable

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne