Researchers have devised a new attack strategy, called “Terrapin,” that exploits vulnerabilities in the SSH protocol. While vendors are working on mitigating the flaws, it may take some time for patches to be available worldwide.
Terrapin Attack Breaks SSH Protocol Security
A team of researchers from the Ruhr University Bochum has devised the Terrapin attack as a demonstration of existing vulnerabilities in the SSH protocol.
SSH (Secure Shell) is a trusted encryption protocol for maintaining and protecting network services, providing users with secure access to servers. The protocol encrypts the client-server connection over the internet, preventing intrusions.
Given its sense of security, SSH is common across networks globally. It also means that any vulnerabilities in this encryption protocol, if exploited, can cause severe damage. That’s what the researchers have explained in their recent study.
Briefly, the researchers have come up with the Terrapin attack as a means to break the SSH secure channel. The attack works by carefully adjusting the sequence numbers during the SSH handshake, allowing the attacker to access and/or remove messages from the beginning of the client-server connection, leaving no traces behind.
Regarding the real-world application of the Terrapin attack, the researchers stated,
“The attack can be performed in practice, allowing an attacker to downgrade the connection’s security by truncating the extension negotiation message (RFC8308) from the transcript. The truncation can lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5.”
An adversary may also use Terrapin to exploit implementation flaws, such as those the researchers discovered in AsyncSSH. The attacker may sign the victim’s client into another account without traces, gaining MiTM access at the session layer.
The researchers have shared the technical details of the Terrapin attack in their research paper and have set up a dedicated web page elaborating on the matter. The vulnerabilities exploited in this attack have received the following CVE IDs.
- CVE-2023-48795: General Protocol Flaw
- CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
- CVE-2023-46446: Rogue Session Attack in AsyncSSH
What Next?
Exploiting Terrapin requires the adversary to have active MiTM access at the TCP/IP layer. It also requires “either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection’s encryption mode.”
Although this combination is common across the SSH ecosystem, making at least 70% of the servers vulnerable, admins can mitigate the flaw by temporarily disabling the affected chacha20-poly1305@openssh.com encryption and -etm@openssh.com MAC algorithms in the configuration of the SSH server (or client). The researchers advise using unaffected algorithms like AES-GCM.
Nonetheless, admins should consider it a temporary workaround until they receive a permanent patch. The researchers confirm that numerous vendors have upgraded their SSH implementations to support strict key exchange, preventing an adversary from injecting packets during the initial unencrypted handshake. Yet, patching all vulnerable SSH clients and servers globally may take time.
Until then, to help users stay updated about the vulnerability status of their servers, the researchers have released a dedicated Terrapin Scanner tool on GitHub.
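The conditions described above can be checked against the algorithm lists an SSH endpoint advertises. The following is an added example, not the researchers' Terrapin Scanner code: the function names and the sample algorithm lists are constructed for illustration, and the strict key exchange marker names are those used by OpenSSH.

```python
# Added example: classify one SSH endpoint's advertised algorithms for Terrapin exposure.
# The lists below are constructed samples, shaped like the name-lists in a KEXINIT message.
CHACHA = "chacha20-poly1305@openssh.com"
STRICT_KEX = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}

def is_cbc(cipher):
    return "-cbc" in cipher          # aes128-cbc, 3des-cbc, rijndael-cbc@lysator.liu.se

def is_etm(mac):
    return mac.endswith("-etm@openssh.com")

def assess(kex, ciphers, macs):
    """Report which affected modes are offered and whether strict kex is advertised."""
    chacha = CHACHA in ciphers
    cbc_etm = any(is_cbc(c) for c in ciphers) and any(is_etm(m) for m in macs)
    strict = bool(STRICT_KEX & set(kex))
    # Strict kex only protects a connection when BOTH peers advertise it,
    # so an endpoint without the marker is exposed whenever an affected mode is offered.
    return {"chacha20_poly1305": chacha, "cbc_with_etm": cbc_etm,
            "strict_kex": strict, "vulnerable": (chacha or cbc_etm) and not strict}

def workaround(ciphers, macs):
    """Temporary workaround from the article: drop ChaCha20-Poly1305 and all EtM MACs."""
    return ([c for c in ciphers if c != CHACHA],
            [m for m in macs if not is_etm(m)])

# Constructed sample offers
UNPATCHED = (["curve25519-sha256", "diffie-hellman-group14-sha256"],
             [CHACHA, "aes128-ctr", "aes256-gcm@openssh.com"],
             ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
LEGACY_CBC = (["diffie-hellman-group14-sha256"],
              ["aes128-cbc", "aes128-ctr"],
              ["hmac-sha2-512-etm@openssh.com", "hmac-sha1"])
PATCHED = (UNPATCHED[0] + ["kex-strict-s-v00@openssh.com"], UNPATCHED[1], UNPATCHED[2])

if __name__ == "__main__":
    for name, offer in [("unpatched", UNPATCHED), ("legacy-cbc", LEGACY_CBC),
                        ("patched", PATCHED)]:
        print(name, assess(*offer))
    ciphers, macs = workaround(UNPATCHED[1], UNPATCHED[2])
    print("after workaround", assess(UNPATCHED[0], ciphers, macs))
    print("Ciphers", ",".join(ciphers))
    print("MACs", ",".join(macs))
```

The filtered lists printed at the end are in the comma-separated form that the `Ciphers` and `MACs` directives of an OpenSSH configuration accept.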