SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
2023-12-19 10:11

Security researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message.

Terrapin is a prefix truncation attack targeting the SSH protocol.

Aside from downgrading the SSH connection's security by forcing it to use less secure client authentication algorithms, the attack can also be used to exploit vulnerabilities in SSH implementations.

"We found several weaknesses in the AsyncSSH servers' state machine, allowing an attacker to sign a victim's client into another account without the victim noticing. Hence, it will enable strong phishing attacks and may grant the attacker Man-in-the-Middle capabilities within the encrypted session."

"Many vendors have updated their SSH implementation to support an optional strict key exchange. Strict key exchange is a backwards-incompatible change to the SSH handshake which introduces sequence number resets and takes away an attacker's capability to inject packets during the initial, unencrypted handshake," they shared.

Administrators can also use the Terrapin Vulnerability Scanner to determine whether an SSH client or server is vulnerable.


News URL

https://www.helpnetsecurity.com/2023/12/19/ssh-vulnerability-cve-2023-48795/