• Cochise
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    Authentication bypass should give you interactive access. “I’m in” like. Remote code execution only allows you to run a command, without permanent access. You can use some RCE vulnerabilities to bypass authentication, but not all.

    • baseless_discourse@mander.xyz
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      9 months ago

      Yeah, but the malicious code replaces the ssh signature verification function to let it allow a specific signature. Hence attacker, with the key, can ssh into any system without proper authentication by ssh.

      This kind of describes authentication by-pass, not just remote code execution…

      EDIT: it is remote code execution, see the edit of parent comment.