Security News > 2023 > December > SSH shaken, not stirred by Terrapin vulnerability

This isn't one to panic over, because someone will need to man-in-the-middle your vulnerable connection rather than directly attack your server; it's a downgrade attack primarily rather than a decryption or command injection issue; and there are ways to immediate protect yourself from Terrapin attacks.

There are three issues to be aware of: CVE-2023-48795, which is the generic exploitable protocol-level SSH vulnerability; and CVE-2023-46445 and CVE-2023-46446 specific to the Python SSH client AsyncSSH, which has an estimated 60,000 daily downloads.

Terrapin is a prefix truncation attack, and allows a MITM attacker to downgrade the security of an SSHv2 connection during extension negotiation.

As the university trio put it this week, a successful Terrapin attack can "Lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5." In some very specific circumstances, it could be used to decrypt some secrets, such as a user's password or portions of it as they log in, but this is non-trivial and will pretty much fail in practicality.

As a MITM attack, Terrapin involves injecting a plaintext 'ignore' message into the pre-secure connection, during the handshake, so that the client thinks it came from the server and increments its sequence counter for received messages.

Admins can mitigate attacks by disabling the affected encryption modes in the configuration of their SSH servers, and use non-vulnerable algorithms such as AES-GCM instead. There is a risk that if the server is configured improperly or one's client don't support the config, access to the server may be lost, the researchers warned.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/20/terrapin_attack_ssh/