Terrapin Attack: A New Threat to SSH Protocol Security

January 2, 2024

The Secure Shell (SSH) cryptographic network protocol, used for operating network services securely over an unsecured network, has a newly discovered vulnerability named Terrapin (CVE-2023-48795). This flaw, discovered by researchers Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr University Bochum, can be exploited by an attacker to downgrade the connection’s security.

Terrapin is a prefix truncation attack that compromises the integrity of SSH’s secure channel. As the researchers explain in their advisory, “By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.” This can be executed in practice, allowing an attacker to downgrade the connection’s security by truncating the extension negotiation message (RFC8308) from the transcript.

The truncation may lead to the use of less secure client authentication algorithms and the disabling of specific countermeasures against keystroke timing attacks in OpenSSH 9.5. To carry out the Terrapin attack, a threat actor must be capable of performing a MitM attack at the network layer. Another precondition is that the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC. The Terrapin attack could potentially allow interception of sensitive data or takeover of critical systems using administrator privileged access.

As outlined in the analysis, “The attacker can drop the EXT_INFO message, used for negotiating several protocol extensions, without the client or server noticing it. Usually, packet deletion would be detected by the client when receiving the next binary packet sent by the server, as sequence numbers would mismatch. To avoid this, an attacker injects an ignored packet during the handshake to offset the sequence numbers accordingly.”

A detailed technical paper titled “Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation” has been published by the researchers. They also released a simple console application on GitHub written in Go that can help determine whether an SSH server or client is vulnerable to the Terrapin attack.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.