Researchers at Ruhr University Bochum have uncovered a critical vulnerability in the Secure Shell (SSH) protocol known as Terrapin (CVE-2023-48795, CVSS score: 5.9). This vulnerability introduces a novel prefix truncation attack, enabling attackers to compromise the integrity of SSH’s secure channel by manipulating sequence numbers during the handshake process, permitting the removal of initial messages without detection. SSH, a vital method for securely transmitting commands over unsecured networks, relies on handshakes for cryptographic authentication and encryption, making this flaw particularly concerning. Attackers in an active middle position can intercept and modify traffic, weakening SSH connection security, with potential repercussions for large interconnected networks. Vulnerable encryption modes include ChaCha20-Poly1305 and CBC with Encrypt-then-MAC, affecting SSH implementations like OpenSSH, PuTTY, and WinSCP. Organizations must urgently patch both servers and clients to ensure secure connections in response to this serious threat.
Relevant URL: https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html