The recent Terrapin bug may downgrade the SSH security protocol

Not long ago, security researchers at Ruhr University Bochum discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol. According to the researchers, this flaw can easily allow attackers to downgrade the connection's security by breaking the integrity of the secure channel.

The exploit, known as Terrapin (CVE-2023-48795, CVSS score: 5.9), is claimed to be the first practically exploitable prefix truncation attack. Researchers Jörg Schwenk, Marcus Brinkmann, and Fabian Bäumer stated that by carefully manipulating the sequence numbers during the handshake, an attacker can remove any number of messages sent by the client or server at the start of the secure channel.

SSH is a protocol for securely sending commands to a computer over an unsecured network. It relies on cryptography to authenticate and encrypt the connections between devices. The client and server accomplish this through a handshake, in which they agree on the cryptographic primitives and exchange the keys needed to set up a secure channel that guarantees confidentiality and integrity.

SSH extension negotiation can, however, reduce the security of an SSH connection when a malicious actor in an active adversary-in-the-middle (AitM) position intercepts and alters the connection's traffic at the TCP/IP layer.

“The attack can be executed in practice, enabling an attacker to lower the connection's security by reducing the extension negotiation message (RFC8308) from the transcript.”

“Generally, truncation may cause clients to use less secure client authentication algorithms and deactivate specific countermeasures against keystroke timing attacks in OpenSSH 9.5.”

To carry out the attack successfully, the connection must be secured with one of the affected encryption modes, such as ChaCha20-Poly1305 or CBC with Encrypt-then-MAC.
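
A defender's pre-check for the condition above, as an added example that is not part of the original article: it parses a peer's SSH_MSG_KEXINIT name-lists and reports whether the peer offers ChaCha20-Poly1305 or a CBC cipher together with an Encrypt-then-MAC MAC without advertising the strict key exchange countermeasure (`kex-strict-*-v00@openssh.com`, the pseudo-algorithm patched implementations use to signal the fix; assumed from OpenSSH 9.6, not from this page). The KEXINIT payloads are constructed inline.

```python
import struct

CHACHA = "chacha20-poly1305@openssh.com"
# Strict-KEX pseudo-algorithms advertised by patched peers (assumed, not from the article).
STRICT_KEX = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(**lists):
    """Build a constructed SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) for testing."""
    body = b"\x14" + b"\x00" * 16  # message type 20 followed by a 16-byte cookie
    for f in FIELDS:
        names = ",".join(lists.get(f, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse the ten comma-separated name-lists out of a KEXINIT payload."""
    if not payload or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}
    for f in FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n]
        pos += 4 + n
        out[f] = raw.decode("ascii").split(",") if raw else []
    return out

def terrapin_exposure(peer_kexinit):
    """Report the Terrapin-relevant modes one peer offers and whether it signals
    strict KEX. Exposure is per connection: a vulnerable mode must actually be
    negotiated and at least one side must lack the fix, so check both peers."""
    k = parse_kexinit(peer_kexinit)
    ciphers = set(k["enc_c2s"]) | set(k["enc_s2c"])
    macs = set(k["mac_c2s"]) | set(k["mac_s2c"])
    chacha = CHACHA in ciphers
    cbc_etm = any(c.endswith("-cbc") for c in ciphers) and any("-etm@" in m for m in macs)
    strict = bool(STRICT_KEX & set(k["kex"]))
    return {"chacha20": chacha, "cbc_etm": cbc_etm, "strict_kex": strict,
            "exposed": (chacha or cbc_etm) and not strict}

# Constructed sample KEXINITs: an unpatched server and one that advertises strict KEX.
UNPATCHED_SERVER = build_kexinit(
    kex=["curve25519-sha256"], hostkey=["ssh-ed25519"],
    enc_c2s=[CHACHA, "aes128-cbc"], enc_s2c=[CHACHA, "aes128-cbc"],
    mac_c2s=["hmac-sha2-256-etm@openssh.com"], mac_s2c=["hmac-sha2-256-etm@openssh.com"],
    comp_c2s=["none"], comp_s2c=["none"])
PATCHED_SERVER = build_kexinit(
    kex=["curve25519-sha256", "kex-strict-s-v00@openssh.com"], hostkey=["ssh-ed25519"],
    enc_c2s=[CHACHA], enc_s2c=[CHACHA], mac_c2s=["hmac-sha2-256"], mac_s2c=["hmac-sha2-256"],
    comp_c2s=["none"], comp_s2c=["none"])
```

In practice the peer's KEXINIT is the first binary packet after the version exchange, so the same parser can be run over a captured handshake to audit fleet exposure.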

"In an actual scenario, an attacker could exploit the flaw to steal sensitive data or gain control over vital systems using administrator-authorized access," Qualys explained. "This risk is especially severe for organizations with large, interconnected infrastructures that provide access to protected data."

The bug impacts several client and server implementations, including OpenSSH, Paramiko, PuTTY, KiTTY, WinSCP, libssh, libssh2, AsyncSSH, FileZilla, and Dropbear, and their maintainers have released patches to mitigate the risk.

"As SSH servers, and OpenSSH in particular, are so often used throughout cloud-based enterprise application environments, organizations must ensure they have taken suitable measures to patch their servers," Yair Mizrahi, a senior security researcher at JFrog, explained.

Note that a vulnerable client connecting to a patched server still results in a vulnerable connection. Companies must therefore take steps to identify every vulnerable instance across their entire infrastructure and apply the mitigation right away.