SSH Vulnerable to Terrapin Attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

  • Security researchers have discovered a new vulnerability called Terrapin that impacts the Secure Shell (SSH) network protocol.
  • According to the study, at least 77% of SSH servers support modes that can be exploited through the vulnerability.

Security researchers from Germany’s Ruhr University Bochum have found a vulnerability in Secure Shell (SSH) cryptographic network protocol that can enable malicious actors to reduce protections in what is normally considered a secure channel. The vulnerability is known as Terrapin, the CVE-2023-48795, which is a prefix truncation attack.

The Terrapin vulnerability allows attackers to extract messages from servers and clients by making changes to sequence numbers during handshake processes to establish secure communication channels. This reduces the security of the connections, weakening authentication algorithms and stopping protections against attacks that involve timing keystrokes.

See More: 1.3M LoanCare Borrowers Data Exfiltrated in Fidelity National Financial Breach

The vulnerability is the very first practically exploitable prefix truncation attack found by researchers, which is part of a new group of attacks that primarily target cryptographic network protocols.

To execute a Terrapin attack, threat actors need the capabilities to perform man-in-the-middle attacks to adjust traffic at the network layer. They especially affect encryption algorithms with the -cbc suffix.

Using vulnerability scanners has been recommended to check for susceptible servers and clients. In addition, client and server updates and long-term awareness programs will be required to stave off the effects of the Terrapin vulnerability.

What measures does your organization follow to mitigate security vulnerabilities? Let us know your thoughts on LinkedInOpens a new window