The Secure Shell (SSH) protocol is widely utilized for secure remote access to servers, services, applications, and automated file transfers, with millions of connections established weekly.
SSH Communication Security, the company that developed the SSH protocol, recently learned of a new vulnerability (CVE-2023-48795) named Terrapin, which poses a potential downgrade attack affecting SSH connections.
Impact of Terrapin Attack: Fortunately, the vulnerability is categorized as moderate, as assessed by SSH Communication Security and corroborated by RedHat. However, it remains concerning due to its capability to downgrade the security of SSH connections, albeit the likelihood of exploitation is low. This vulnerability spans multiple products and encryption ciphers, which is relatively uncommon.
Terrapin Attack Details: Terrapin leverages prefix truncation to potentially enable attackers to downgrade secure signature algorithms and disable certain security measures against keystroke timing attacks in OpenSSH. While this vulnerability could facilitate man-in-the-middle (MitM) attacks, it requires interception of the connection. Additionally, the session must be protected by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption modes, which are widely used globally.
For a detailed explanation of the Terrapin attack, visit the Terrapin Attack page.
Assessing Terrapin SSH Risk Posture: As SSH protocol experts, we provide tools to assist organizations in securing their networks, especially those heavily reliant on SSH. While the impact of the Terrapin vulnerability may not be severe for your organization, it underscores the importance of Secure Shell governance, an often overlooked aspect of security.
Our SSH Risk Assessment Service identifies vulnerable servers susceptible to the Terrapin attack, allowing you to upgrade them at your convenience without the hassle of identification. We also:
- Identify SSH keys used for authentication, critical in large IT environments where their numbers can be substantial.
- Detect policy and compliance breaches such as weak cryptographic algorithms or inadequate key sizes.
- Prepare comprehensive reports for IT audits, outlining environment status and recommendations for compliance.
- Prevent security control bypasses like PAM bypasses commonly exploited via SSH keys.
- Provide guidance on enhancing SSH key governance through recommended next steps.
For a quick start to improving SSH security posture, explore our SSHerlock Discovery & Audit Self-service tool. Sign up here to begin.
Consider our Universal SSH Key Manager, recognized as the most comprehensive software for managing SSH key lifecycles, facilitating migration to a keyless authentication model.
Source: https://www.ssh.com/blog/the-terrapin-attack-vulnerability-in-the-ssh-protocol-how-to-stay-secure
About DT Asia
DT Asia began in 2007 with a clear mission to build the market entry for various pioneering IT security solutions from the US, Europe and Israel.
Today, DT Asia is a regional, value-added distributor of cybersecurity solutions providing cutting-edge technologies to key government organisations and top private sector clients including global banks and Fortune 500 companies. We have offices and partners around the Asia Pacific to better understand the markets and deliver localised solutions.
