A team of security researchers from Ruhr University Bochum in Germany has discovered a vulnerability in the Secure Shell (SSH) network protocol, known as Terrapin (CVE-2023-48795). This vulnerability allows attackers to compromise the security of SSH connections by manipulating sequence numbers during the handshake process, potentially extracting messages from servers and clients.
The Terrapin vulnerability targets cryptographic network protocols and is categorized as a prefix truncation attack. It is the first practically exploitable attack of this kind, focusing on cryptographic network protocols. The attack weakens authentication algorithms and undermines protections against attacks involving timing keystrokes, representing a new threat to the security of SSH connections.
At least 77% of SSH servers support modes that can be exploited through this vulnerability, making it a widespread concern. To execute a Terrapin attack, malicious actors need the capability to perform man-in-the-middle attacks to manipulate traffic at the network layer, particularly affecting encryption algorithms with the -cbc suffix.
Security experts recommend using vulnerability scanners to identify susceptible servers and clients. Mitigating the Terrapin vulnerability involves updating both clients and servers. Additionally, long-term awareness programs are recommended to enhance cybersecurity measures against potential attacks exploiting this SSH vulnerability.
The Terrapin vulnerability poses a significant threat to the security of SSH connections, allowing attackers to compromise authentication algorithms and undermine protections against timing keystroke attacks. With approximately 77% of SSH servers susceptible to this exploit, it highlights the widespread nature of the concern. Urgent measures, including vulnerability scanning, client-server updates, and comprehensive awareness programs, are crucial to mitigate the risk and enhance the overall cybersecurity posture. Addressing the Terrapin vulnerability is imperative for maintaining the integrity and security of cryptographic network protocols, underscoring the need for proactive measures in the face of evolving cybersecurity threats.