December 20, 2023 at 03:44AM
The SSH protocol vulnerability, dubbed the Terrapin Attack, can be exploited in man-in-the-middle attacks to weaken SSH security. By injecting messages during the handshake and blocking certain messages, attackers can downgrade security, potentially compromising user credentials. Mitigations include software updates and disabling vulnerable encryption modes. Details were disclosed by computer scientists from Ruhr University Bochum.
Based on the meeting notes, the key takeaways are:
1. A vulnerability in the SSH protocol, known as the Terrapin Attack (CVE-2023-48795), can be exploited by a well-placed adversary to weaken the security of SSHv2 connections during extension negotiation.
2. The attack involves injecting and intercepting plaintext ‘ignore’ messages during the SSH handshake, which can force the connection onto less secure client authentication algorithms and deactivate specific countermeasures against certain attacks in OpenSSH 9.5.
3. The attack is primarily a downgrade attack and does not directly lead to decryption or command injection issues. However, it can potentially be used to exploit deeper weaknesses in specific client or server implementations.
4. Vulnerabilities specific to the Python SSH client AsyncSSH, known as CVE-2023-46445 and CVE-2023-46446, have been patched in versions 2.14.1 and 2.14.2, respectively.
5. The encryption modes ChaCha20-Poly1305 and CBC with Encrypt-then-MAC are vulnerable to Terrapin, and the attack may be probabilistically exploitable.
6. More than three-quarters of public-facing SSH servers support at least one mode that can be exploited in practice, with 57 percent setting an exploitable algorithm as the preferred choice.
In response to this, SSH software updates have been or will be released to address the Terrapin Attack, and mitigations are available to protect connections. Users should watch for patches or updates and install them when available. Additionally, admins can mitigate attacks by disabling the affected encryption modes in the configuration of their SSH servers and using non-vulnerable algorithms such as AES-GCM instead. However, it’s important to be aware of the risks of an improper server configuration or of clients that do not support the updated configuration.
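The configuration mitigation above, as an added example that is not from the original article or from any SSH project: a small Python checker that parses an sshd_config and flags the two mode families the disclosure names as exploitable, and reports whether the server's preferred cipher is one of them. The two sample configs are constructed; anything set with the `+`, `-` or `^` default-relative forms is reported as not auditable from the file alone.

```python
"""Audit an sshd_config cipher policy for Terrapin-exploitable modes (CVE-2023-48795).

Flags chacha20-poly1305@openssh.com, and any CBC cipher when an
Encrypt-then-MAC (*-etm@openssh.com) MAC is also enabled, and reports whether
the preferred (first-listed) cipher is one of them.
"""
import re

CHACHA20 = "chacha20-poly1305@openssh.com"

def configured_list(config_text, keyword):
    """Explicit algorithm list for `keyword` ('Ciphers' or 'MACs'), or None when
    it cannot be audited from the file alone: keyword absent, or a '+', '-' or
    '^' value that modifies compiled-in defaults we do not know here."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)    # 'Key val' or 'Key=val'
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            value = parts[1].strip()
            if value and value[0] in "+-^":
                return None
            return [a for a in value.split(",") if a]
    return None                                          # not set: defaults apply

def terrapin_exposure(config_text):
    """Summarise the Terrapin exposure of one sshd_config text."""
    ciphers = configured_list(config_text, "Ciphers")
    macs = configured_list(config_text, "MACs")
    if ciphers is None:
        return {"auditable": False, "vulnerable": [], "preferred_vulnerable": None}
    # MACs unset or default-relative: conservatively assume an EtM MAC is offered.
    etm_on = macs is None or any(m.endswith("-etm@openssh.com") for m in macs)
    vulnerable = [c for c in ciphers
                  if c == CHACHA20 or (c.endswith("-cbc") and etm_on)]
    return {"auditable": True, "vulnerable": vulnerable,
            "preferred_vulnerable": ciphers[0] in vulnerable}

# Constructed sample configs: before and after hardening.
WEAK_CONFIG = """
Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc   # chacha preferred
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""
HARDENED_CONFIG = """
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, terrapin_exposure(cfg))
```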