
SSH shaken, not stirred by Terrapin vulnerability
2023-12-20 08:34

This isn't one to panic over, because someone will need to man-in-the-middle your vulnerable connection rather than directly attack your server; it's a downgrade attack primarily rather than a decryption or command injection issue; and there are ways to immediately protect yourself from Terrapin attacks.

There are three issues to be aware of: CVE-2023-48795, which is the generic exploitable protocol-level SSH vulnerability; and CVE-2023-46445 and CVE-2023-46446, which are specific to the Python SSH client AsyncSSH, which has an estimated 60,000 daily downloads.

Terrapin is a prefix truncation attack, and allows a MITM attacker to downgrade the security of an SSHv2 connection during extension negotiation.

As the university trio put it this week, a successful Terrapin attack can "Lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5." In some very specific circumstances, it could be used to decrypt some secrets, such as a user's password or portions of it as they log in, but this is non-trivial and will pretty much fail in practice.

As a MITM attack, Terrapin involves injecting a plaintext 'ignore' message into the pre-secure connection, during the handshake, so that the client thinks it came from the server and increments its sequence counter for received messages.

Admins can mitigate attacks by disabling the affected encryption modes in the configuration of their SSH servers and using non-vulnerable algorithms such as AES-GCM instead. There is a risk that if the server is configured improperly or one's client doesn't support the config, access to the server may be lost, the researchers warned.
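
A check for the mitigation described above, as an added example (not code from the article or the researchers): it reads the effective cipher and MAC lists in the form printed by `sshd -T`, flags the modes to disable, and reports whether any cipher would remain afterwards. It assumes the affected modes are `chacha20-poly1305@openssh.com` and CBC ciphers paired with `-etm@openssh.com` MACs, which this page does not list; the sample input is constructed.

```python
# Added example: audit sshd cipher/MAC lists for Terrapin-affected modes.
# Assumption (not stated on this page): affected modes are
# chacha20-poly1305@openssh.com, and any CBC cipher when an
# encrypt-then-MAC (-etm@openssh.com) MAC is also offered.

CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample in the "keyword value,value" form printed by `sshd -T`.
SAMPLE = """
# constructed sample, not taken from a real host
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""

def parse(config_text):
    """Return {'ciphers': [...], 'macs': [...]}; the first occurrence wins."""
    found = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key in ("ciphers", "macs") and key not in found:
            found[key] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return {"ciphers": found.get("ciphers", []), "macs": found.get("macs", [])}

def audit(config_text):
    """Flag affected ciphers and show what is left once they are disabled."""
    cfg = parse(config_text)
    etm = [m for m in cfg["macs"] if m.endswith("-etm@openssh.com")]
    affected = [c for c in cfg["ciphers"]
                if c == CHACHA or (c.endswith("-cbc") and etm)]
    remaining = [c for c in cfg["ciphers"] if c not in affected]
    return {
        "affected": affected,
        "etm_macs": etm,
        "remaining": remaining,
        # Nothing left to negotiate: the lockout case the researchers warn of.
        "lockout_risk": not remaining,
    }

if __name__ == "__main__":
    for field, value in audit(SAMPLE).items():
        print(f"{field}: {value}")
```

An empty `remaining` list only covers the server side of the lockout warning; whether each client supports the remaining ciphers still has to be checked separately.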


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/20/terrapin_attack_ssh/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products | 5.9
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.

2023-11-14 | CVE-2023-46446 | Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh | 6.8
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
network, high complexity, asyncssh-project, CWE-639

2023-11-14 | CVE-2023-46445 | Insufficient Verification of Data Authenticity vulnerability in Asyncssh Project Asyncssh | 5.9
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
network, high complexity, asyncssh-project, CWE-345