Terrapin Attack in OpenSSH


Security researchers have identified a new threat to the integrity of Secure Shell (SSH) communications, called the Terrapin Attack.

The Terrapin Attack is a prefix truncation assault against the SSH protocol, disrupting the security of the SSH channel. By adjusting sequence numbers during the handshake process, attackers can covertly remove crucial messages from either the client or server, undetected. This vulnerability not only jeopardizes the channel’s integrity but also downgrades connection security, potentially leading to the use of less secure client authentication algorithms and disabling vital countermeasures against keystroke timing attacks.

General Protocol Flaw

CVE-2023-48795 (CVSS 5.9) stems from the manipulation of sequence numbers during the SSH handshake process. An attacker can strategically remove initial messages on the secure channel without triggering a MAC failure. The attacker can disable the ping extension, a critical feature in OpenSSH 9.5 designed to counteract keystroke timing attacks. These timing attacks, though subtle, pose significant risks in secure communications, making this vulnerability especially concerning for users relying on the latest versions of OpenSSH for enhanced security. The attack can only result in the deletion of consecutive messages. In practical terms, this means that removing most messages at this stage of the protocol halts user authentication, leading to a stalled connection rather than a compromised one.

Rogue Extension Negotiation Attack in AsyncSSH & Rogue Session Attack in AsyncSSH

These vulnerabilities, tracked as CVE-2023-46445 and CVE-2023-46446, were discovered by the research team at Ruhr University Bochum, consisting of Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk. Their research has unveiled Terrapin’s capacity to exploit flaws in the AsyncSSH server’s state machine, allowing for potent phishing attacks and even granting attackers Man-in-the-Middle capabilities within encrypted sessions.

Executing the Terrapin Attack requires MitM capabilities at the network layer, meaning the attacker must intercept and modify the connection’s traffic. Moreover, the connection must be secured by either CBC with Encrypt-then-MAC encryption modes. These encryption modes are widely adopted, making most real-world SSH sessions vulnerable.

To scan for this vulnerability, researchers have provided a simple Go-based console application. This tool assesses whether an SSH server or client is susceptible to the Terrapin Attack. While it does not perform a full handshake or execute the attack, it is an essential resource for administrators seeking to safeguard their networks.

The attack requires a specific set of conditions to be met, including an active MitM attacker and the negotiation of specific encryption modes. It is advised to disable affected encryption algorithms and adopt alternatives like AES-GCM, keeping in mind potential compatibility issues and other vulnerabilities.

The implications of the Terrapin attack are significant, particularly in terms of security downgrades during SSH extension negotiations. This could affect client authentication security, especially when using RSA public keys, and in some cases, may deactivate countermeasures against keystroke timing attacks in OpenSSH 9.5.

The Terrapin attack has been acknowledged by multiple vendors, leading to updates in SSH implementations to support an optional strict key exchange. This measure is effective only when both client and server support it.
