Edit Content
Report Incident
English
Sinhala
Tamil

ADVISORY!

TLP : CLEAR

Date : 05/01/2024

REF NO : CERT /2024/ 01/02

Terrapin Attack on SSH Handshake Protocols

Severity Level: High

Components Affected

OpenSSH version prior to 9.6

Overview

The Terrapin attack is a recently discovered vulnerability in the SSH handshake protocol that compromises the integrity of SSH’s secure channel. It does this by manipulating sequence numbers during the initial handshake process. This attack poses a significant risk to a vast majority of SSH users due to the widespread adoption of the encryption modes it targets.

Description

The Terrapin attack, a prefix truncation attack targeting SSH, specifically compromises the secure channel’s integrity by manipulating sequence numbers. This manipulation can result in: Downgrading authentication methods, potentially replacing strong algorithms with weaker ones, disabling defenses against keystroke timing attacks, particularly in OpenSSH 9.5 and Exploiting additional vulnerabilities in certain SSH implementations for amplified impact.

Impact

  • Unauthorized access to sensitive systems: Exploited passwords or weaker authentication methods could grant attackers access to critical data.
  • Data breaches and exfiltration: Sensitive information on vulnerable systems could be stolen and leaked.

Solution/ Workarounds

  • Patch OpenSSH and other SSH implementations to the latest versions. These versions include fixes for the Terrapin vulnerability.
  • Disable Vulnerable Encryption Modes: If updating clients is not immediate, disable ChaCha20-Poly1305 and CBC with Encrypt-then-MAC on both client and server configurations.
  • Ensure both client and server support the strict key exchange countermeasure, a crucial step in mitigating the vulnerability.
  • Implement security tools and intrusion detection systems to monitor network traffic for suspicious activity, particularly around SSH connections.
  • Implement strong password policies, avoid using SSH over untrusted networks, and regularly audit system configurations for vulnerabilities.

Reference

https://www.openssh.com/security.html

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Linkedin-in Facebook-f Twitter Youtube

Quick Links

Useful Links

Contact

  • Hotline : 101
  • +94 11 269 1692
  • Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
  • General inquiry: cert@cert.gov.lk
  • Security incidents: incidents@cert.gov.lk
  • Social media incidents: report@cert.gov.lk

Copyright © 2023 SRI LANKA CERT | CC