Researchers detail a MITM attack on SSH that can break the integrity of the protocol, the first “practical attack of its kind”; fixes face compatibility issues
SSH is an internet standard that provides secure access to network services … Connor Jones / The Register : SSH shaken, not stirred by Terrapin vulnerability Terrapin Attack : Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation Steve Ranger / ITPro : Terrapin SSH attack: How worried should you be? Gareth Halfacree / Hackster.io : Terrapin NIbbles at the Security of SSH Connections, If An Attacker Can Sit in the Middle RUB-NDS / RUB-NDS on GitHub : Terrapin Artifacts — Artifacts for Terrapin This repository contains artifacts for the paper … TechRadar : OpenSSH connections could be cracked by this all-new cyberattack Washington Post : Government operation wounds big-time ransomware gang RUB-NDS / RUB-NDS on GitHub : Terrapin Vulnerability Scanner Bill Toulas / BleepingComputer : Terrapin attacks can downgrade security of OpenSSH connections Terrapin Attack : Full Technical Paper (preprint; last update: 2023-10-18) Duncan Riley / SiliconANGLE : SSH communications threatened by emerging ‘Terrapin Attack’ method Threads: @nixcraft : Heads up: Bug in the SSH specification which allows a MitM attacker to drop certain messages from the secured connection. Update ssh when the upgrade is available for your Linux or Unix machines. https://terrapin-attack.com/ Mastodon: @sadiedoreen@mastodon.social : “While the risk Terrapin poses varies, it invalidates proofs published in 2016 that concluded such attacks weren't possible. The real lesson is that practical evaluations, like the one provided in Monday's research, are crucial for revealing previously overlooked flaws in such proofs.” https://arstechnica.com/... Dave Rahardja / @drahardja@sfba.social : @Techmeme @dangoodin This is really well-written, @dangoodin ! Dan Goodin / @dangoodin@infosec.exchange : As an added bonus, @trueskrillor, the lead author of the Terrapin paper (who still isn't active on Mastodon 🙁 ) is holding court in the comments forum. Now would be a good time to mosey on over and ask questions. — https://arstechnica.com/... Dan Goodin / @dangoodin@infosec.exchange : It's hard to overstate the importance of SSH in securing home networks, massive cloud centers and everything in between. Now, researchers have devised a novel cryptographic attack that breaks integrity of this widely used protocol. Dubbed Terrapin, it's the first-ever practical attack of its kind, and one of the very few attacks against SSH at all. … X: Fabian Bäumer / @trueskrillor : [1/7] We found an flaw in the SSH specification which allows a MitM attacker to drop certain messages from the secured connection. If you are using SSH, check this out: https://www.terrapin-attack.com/ 🐢 [image] Fabian Bäumer / @trueskrillor : [3/7] Our attack exploits that SSH does not authenticate the entire handshake, but only parts of it, and that sequence numbers carry over to the encrypted channel. This allows an attacker to insert a message into the handshake while dropping one from the secure channel. Colm MacCárthaigh / @colmmacc : This is incredibly good work and a great find! For users: You should update your SSH packages when they are available but don't risk your availability by being “drop everything” hasty. Thanks to defense in depth in the protocol this isn't as serious as prior issues in TLS/SSL. Jörg Schwenk / @joergschwenk : This attack complements previous research on the security of SSH because it considers both the handshake and the BPP encryption layer. LinkedIn: Dan Lorenc : We had the Rapid Reset protocol vulnerablity in TLS earlier this year, now we have another one - CVE-2023-48795 (dubbed Terrapin Attack) today in the SSH protocol! … Forums: Hacker News : SSH protects the most sensitive networks. It just got a lot weaker Ars OpenForum : Hackers can break SSH channel integrity using novel data-corruption attack