Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 3, 2024 at 10:10AM Nearly 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, which manipulates sequence numbers during the handshake process to compromise the integrity of SSH channels. This attack affects both clients and servers and was developed by academic researchers from Ruhr University Bochum in Germany. The significance of this … Read more

Terrapin attacks can downgrade security of OpenSSH connections

December 19, 2023 at 12:04PM The Terrapin attack manipulates SSH handshake sequence numbers to sabotage channel integrity, downgrading encryption and allowing message modification in OpenSSH 9.5. It exploits transport layer protocol weaknesses and newer cryptographic algorithms, impacting a majority of SSH implementations. The MiTM requirement makes its threat less severe, with mitigation efforts underway. The … Read more