The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

July 17, 2024 at 04:44AM The article “The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409” describes vulnerabilities in OpenSSH, namely “regreSSHion” and the signal handler race condition. It explains the technical details, exploitability in x64 systems, potential impact, and mitigation strategies. The vulnerabilities’ real-world impact is considered low due to the complexity of … Read more

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 3, 2024 at 10:10AM Nearly 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, which manipulates sequence numbers during the handshake process to compromise the integrity of SSH channels. This attack affects both clients and servers and was developed by academic researchers from Ruhr University Bochum in Germany. The significance of this … Read more

SSH shaken, not stirred by Terrapin vulnerability

December 20, 2023 at 03:44AM The SSH protocol vulnerability, dubbed the Terrapin Attack, can be exploited in man-in-the-middle attacks to weaken SSH security. By injecting messages during the handshake and blocking certain messages, attackers can downgrade security, potentially compromising user credentials. Mitigations include software updates and disabling vulnerable encryption modes. Details were disclosed by computer … Read more