Security researchers at Germany’s Ruhr University Bochum two weeks ago discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that allows an attacker to downgrade the connection’s security executed by the protocol.
Called Terrapin (CVE-2023-48795, CVSS score 5.9), this exploit is a prefix truncation attack, where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it.
This is accomplished during the handshake process in which sequence numbers are manipulated when establishing an SSH connection and messages exchanged between client and server are then specifically removed.
To perform a Terrapin attack, attackers need to be in an adversary-in-the-middle position (also abbreviated as AitM and known as man-in-the-middle or MitM) at the network layer to intercept and modify the handshake exchange, and the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC.
“The attack can be performed in practice, allowing an attacker to downgrade the connection’s security by truncating the extension negotiation message (RFC8308) from the transcript,” the researchers explained in their paper.
“The truncation can lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5.”
Now, a recent scan by security threat monitoring platform Shadowserver warns that there are nearly 11 million IP addresses exposing an SSH server that are vulnerable to Terrapin attacks.
Nearly a third of those addresses, 3.3 million, were identified in the United States, followed by China (1.3 million), Germany (1 million), Russia (700,000), Singapore (390,000), and Japan (380,000).
This represents approximately 52% of all IPv4 and IPv6 addresses analyzed by the Shadowserver Foundation’s monitoring system.
Although not all 11 million SSH servers (by unique IP) are at immediate risk of being attacked given the conditions of the Terrapin attack, this still leaves many possibilities for cybercriminals to exploit.
The Ruhr University Bochum researchers have provided a vulnerability scanner on the GitHub repository for Linux, Windows, and macOS users who want to check if their SSH client or server is vulnerable to Terrapin.