A groundbreaking attack named “Terrapin” has been uncovered, posing a significant threat to the security of the (SSH) Secure SHell Protocol. SSH, developed nearly 30 years ago to counter password sniffing attacks, is widely used to secure connections in organizations and is a foundational element of secure communication on the internet.
Terrapin, devised by researchers from Germany, exploits vulnerabilities in SSH implementations, specifically targeting the integrity of the SSH handshake. To execute Terrapin, attackers need an active man-in-the-middle position, intercepting and manipulating communications between administrators and the connected network. What sets Terrapin apart is its ability to undermine cryptographic SSH protections that were previously considered immune to such attacks.
The attack works by altering or corrupting information during the handshake, a crucial phase where encryption parameters are negotiated. It specifically targets two widely supported cipher modes, “ChaCha20-Poly1305” and “CBC with Encrypt-then-MAC”. Those cipher modes are supported by 77% of internet exposed SSH servers.
Terrapin involves three vulnerabilities, with CVE-2023-48795 being the overarching flaw in the SSH protocol allowing the prefix truncation attack. Two additional vulnerabilities, CVE-2023-46445 and CVE-2023-46446, exist in the AsyncSSH implementation.
While the severity of the risk depends on various factors unique to each network, Terrapin has demonstrated its ability to impact the negotiation of security-relevant protocol extensions, potentially leading to a compromise of confidentiality and integrity. The attack can impede countermeasures and enable advanced exploitation techniques, emphasizing the need for vigilance and updates in SSH implementations.
Developers of SSH software, including OpenSSH, have responded to the researchers’ recommendations, introducing an optional strict key exchange to prevent Terrapin. Organizations and users are advised to check for vulnerabilities, apply patches promptly, and stay informed on the evolving landscape of cryptographic protocols. The Terrapin revelation challenges the assumption that certain attacks are not possible, underscoring the importance of ongoing practical evaluations to identify and address security flaws in foundational internet protocols like SSH.
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://www.theregister.com/2023/12/20/terrapin_attack_ssh/
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-12-26-cybersecurity-and-open-source-headlines/