Terrapin attacks can downgrade security of OpenSSH connections

Terrapin attacks can downgrade security of OpenSSH connections

December 19, 2023 at 12:04PM

The Terrapin attack manipulates SSH handshake sequence numbers to sabotage channel integrity, downgrading encryption and allowing message modification in OpenSSH 9.5. It exploits transport layer protocol weaknesses and newer cryptographic algorithms, impacting a majority of SSH implementations. The MiTM requirement makes its threat less severe, with mitigation efforts underway. The researchers have published a Terrapin vulnerability scanner on GitHub. Multiple vendors are working to address the security problem, but a universal resolution will take time. The researchers have indicated that the strict key exchange countermeasure is only effective when implemented on both the client and the server. While patching CVE-2023-48795 may not be a priority in many cases due to the MiTM requirement, servers and clients need to be updated to protect against prefix truncation attacks.

The meeting notes describe a new attack called Terrapin that targets SSH connections by manipulating sequence numbers during the handshake process, resulting in compromised channel integrity. The attack enables the removal or modification of messages, leading to the downgrading of public key algorithms used for user authentication and the disabling of defenses against keystroke timing attacks in OpenSSH 9.5.

The attack exploits vulnerabilities in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over a decade ago. It requires the attackers to be in a MiTM position at the network layer and the connection must be secured by specific encryption modes. Once the handshake is compromised, the severity of the attack’s repercussions depends on the data exchanged after the completion of the handshake.

The attack has been associated with several CVEs, and researchers have developed a vulnerability scanner to determine if an SSH client or server is vulnerable to Terrapin. While multiple vendors are working on mitigating the security problem, universal adoption of countermeasures may take time. The most effective mitigation factor currently is the requirement for attackers to be in a MiTM position, making the attack less severe in certain scenarios.

The full details of the Terrapin attack can be found in the technical whitepaper released by the researchers from Ruhr University Bochum.

Full Article