Nessus security scanner showing libssh vulnerability in Centrify Connectors
Problem: Nessus security scanner reports a libssh vulnerability in Centrify Connectors
Cause: The Centrify connector uses /n Software's SSH server library. This library, while similar to libssh, does not contain the libssh that is reported by the Nessus security scan report. However, during the scan, a different vulnerability, that caused a channel to be opened for a short window when it should not have been open, was discovered.
Resolution: That issue was subsequently fixed by /n Software. The library with the fix, /n Software version 16.0.6883.0, is built into Centrify Privileged Access Service 18.11 connectors. Installing the 18.11 Centrify connector will resolve the Nessus security scan report.