Security News > 2023 > December > SSH shaken, not stirred by Terrapin vulnerability
This isn't one to panic over, because someone will need to man-in-the-middle your vulnerable connection rather than directly attack your server; it's a downgrade attack primarily rather than a decryption or command injection issue; and there are ways to immediate protect yourself from Terrapin attacks.
There are three issues to be aware of: CVE-2023-48795, which is the generic exploitable protocol-level SSH vulnerability; and CVE-2023-46445 and CVE-2023-46446 specific to the Python SSH client AsyncSSH, which has an estimated 60,000 daily downloads.
Terrapin is a prefix truncation attack, and allows a MITM attacker to downgrade the security of an SSHv2 connection during extension negotiation.
As the university trio put it this week, a successful Terrapin attack can "Lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5." In some very specific circumstances, it could be used to decrypt some secrets, such as a user's password or portions of it as they log in, but this is non-trivial and will pretty much fail in practicality.
As a MITM attack, Terrapin involves injecting a plaintext 'ignore' message into the pre-secure connection, during the handshake, so that the client thinks it came from the server and increments its sequence counter for received messages.
Admins can mitigate attacks by disabling the affected encryption modes in the configuration of their SSH servers, and use non-vulnerable algorithms such as AES-GCM instead. There is a risk that if the server is configured improperly or one's client don't support the config, access to the server may be lost, the researchers warned.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/20/terrapin_attack_ssh/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
2023-11-14 | CVE-2023-46446 | Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | 6.8 |
2023-11-14 | CVE-2023-46445 | Insufficient Verification of Data Authenticity vulnerability in Asyncssh Project Asyncssh An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." | 5.9 |