New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

January 1, 2024 at 04:48AM

Security researchers from Ruhr University Bochum discovered a vulnerability in the Secure Shell (SSH) protocol, labeled Terrapin (CVE-2023-48795), allowing attackers to downgrade connection security by manipulating the connection’s sequence numbers during the handshake. This can lead to the interception of sensitive data and control over critical systems. Various SSH client and server implementations are affected, and patches have been released to mitigate the risks.

From the meeting notes, it can be summarized that security researchers from Ruhr University Bochum have identified a vulnerability named Terrapin (CVE-2023-48795, CVSS score: 5.9) in the Secure Shell (SSH) cryptographic network protocol. This exploit allows an attacker, in an active adversary-in-the-middle (AitM) position, to downgrade the security of an SSH connection by manipulating extension negotiation messages. The flaw affects various SSH client and server implementations and requires patches to mitigate potential risks. It’s crucial for companies to ensure that their servers are patched and to identify and address any vulnerable occurrences across their infrastructure. This vulnerability could potentially lead to intercepting sensitive data or gaining control over critical systems with administrator privileged access. The use of appropriate security measures, including patching servers and mitigating vulnerable occurrences, is necessary to address this risk.

Full Article