New Terrapin attack weakens SSH, and everyone is vulnerable


Network defenders have one more thing to worry about. Secure Shell or SSH, a network protocol for secure communication and data transfers, is vulnerable to a new type of attack named Terrapin, which breaks the integrity of a secure channel.

Computer scientists at Germany's Ruhr University Bochum shared how a Terrapin attack could allow an attacker to downgrade the security of an SSH connection when using SSH extension negotiation. The impact in practice would heavily depend on the supported extensions, but “almost everyone” is vulnerable. SSH is used to power connections between over 15 million servers on the open internet.

“Our scan indicated that at least 77% of SSH servers on the internet supported at least one mode that can be exploited in practice,” the paper reads.


Terrapin enables attackers to remove messages sent by the client or the server without either side noticing, by carefully adjusting the sequence numbers during the handshake, the process by which two entities establish a secure communication channel. That allows attackers to downgrade the connection’s security, leading to the use of less secure client authentication algorithms and the deactivation of specific countermeasures against keystroke timing attacks.

“Most commonly, this will impact the security of client authentication when using an RSA public key. When using OpenSSH 9.5, it may also be used to deactivate certain countermeasures to keystroke timing attacks,” researchers write.

However, admins probably should not drop everything and run to fix this vulnerability just yet.

To perform a Terrapin attack in practice, attackers require man-in-the-middle capabilities at the network layer to intercept and modify the traffic. Also, the client and server must agree on specific encryption methods for the connection.

“In more technical terms, if your SSH implementations support (and are configured to offer) the chacha20-poly1305@openssh.com encryption algorithm, or any encryption algorithm suffixed -cbc in combination with any MAC algorithm suffixed -etm@openssh.com, you are vulnerable to Terrapin,” the researchers write, suggesting that admins use their vulnerability scanner to determine whether a client or server is vulnerable.
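The algorithm condition quoted above can be checked against a server's effective configuration. This is an added example, not code from the article or the researchers' scanner; it assumes input in the `ciphers`/`macs` line format printed by `sshd -T`, and the three sample configurations are constructed.

```python
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"

def parse_algorithms(config_text):
    """Extract the offered ciphers and MACs from `sshd -T`-style lines."""
    algos = {"ciphers": [], "macs": []}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in algos:
            names = [n.strip() for n in parts[1].split(",")]
            algos[parts[0].lower()] = [n for n in names if n]
    return algos

def terrapin_findings(config_text):
    """Return (mode, algorithms) tuples for each quoted condition that holds."""
    algos = parse_algorithms(config_text)
    findings = []
    # Condition 1: the ChaCha20-Poly1305 cipher is offered at all.
    if CHACHA in algos["ciphers"]:
        findings.append(("chacha20-poly1305", [CHACHA]))
    # Condition 2: a -cbc cipher offered together with an -etm@openssh.com MAC.
    cbc = [c for c in algos["ciphers"] if c.endswith("-cbc")]
    etm = [m for m in algos["macs"] if m.endswith(ETM_SUFFIX)]
    if cbc and etm:
        findings.append(("cbc-etm", cbc + etm))
    return findings

# Constructed sample configurations (not taken from any real host).
SAMPLE_DEFAULTISH = """\
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""
SAMPLE_LEGACY = """\
ciphers aes128-ctr,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512
"""
SAMPLE_CBC_NO_ETM = """\
ciphers aes128-ctr,aes256-cbc
macs hmac-sha2-256,hmac-sha2-512
"""

if __name__ == "__main__":
    for name, text in [("defaultish", SAMPLE_DEFAULTISH),
                       ("legacy", SAMPLE_LEGACY),
                       ("cbc-no-etm", SAMPLE_CBC_NO_ETM)]:
        print(name, terrapin_findings(text) or "no quoted condition met")
```

The check covers only the algorithm condition in the quote; it does not tell you whether a given client or server has adopted the researchers' suggested countermeasures.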

The Terrapin attack can be considered the first in a new family of attacks targeting cryptographic network protocols, and it is the first practically exploitable prefix truncation attack that the researchers know of. Three Common Vulnerabilities and Exposures (CVE) numbers were assigned to it.

“Terrapin is not a simple software bug that can be fixed with an update to a single library or component. Instead, clients and servers need to be updated to protect the connection against prefix truncation attacks. This means we need to raise awareness of the issue across all SSH client and server implementations, which is a considerable effort. We expect that the general Terrapin attack will stay with us for many years, so we have a cute animal to keep us company while we help clients and servers to adopt the suggested countermeasures!” the paper concludes.
