![cover image](https://wikiwandv2-19431.kxcdn.com/_next/image?url=https://upload.wikimedia.org/wikipedia/commons/thumb/b/bc/Terrapin-square.png/640px-Terrapin-square.png&w=640&q=50)
Terrapin attack
Cryptographic attack on the SSH protocol / From Wikipedia, the free encyclopedia
The Terrapin attack is a cryptographic attack on the commonly used SSH protocol that is used for secure command-and-control throughout the Internet. The Terrapin attack can reduce the security of SSH by using a downgrade attack via man-in-the-middle interception.[1][2][3] The attack works by prefix truncation: the injection and deletion of messages during feature negotiation, which manipulates sequence numbers so that other messages are ignored without either client or server detecting an error.[4]
Logo for the Terrapin attack | |
---|---|
CVE identifier(s) | CVE-2023-48795 |
Date discovered | 19 December 2023 (2023-12-19) |
Discoverer | Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk (Ruhr University Bochum) |
Affected software | Implementations of the Secure Shell (SSH) protocol including OpenSSH |
Website | https://terrapin-attack.com/ |
According to the attack's discoverers, the majority of SSH implementations were vulnerable at the time of the discovery of the attack (2023).[4] As of January 3, 2024, an estimated 11 million publicly accessible SSH servers were still vulnerable.[5] However, the risk is mitigated by the requirement to intercept a genuine SSH session, and by the fact that the attack can only delete messages at the start of a negotiation, fortuitously resulting mostly in failed connections.[4][6] Additionally, the attack requires the use of either ChaCha20-Poly1305 or a CBC cipher in combination with Encrypt-then-MAC modes of encryption.[7] The SSH developers have stated that the major impact of the attack is the capability to degrade the keystroke timing obfuscation features of SSH.[6]
The designers of SSH have implemented a fix for the Terrapin attack, but the fix is only fully effective when both client and server implementations have been upgraded to support it.[1] The researchers who discovered the attack have also created a vulnerability scanner to determine whether an SSH server or client is vulnerable.[8]
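The cipher requirement and the fix described above can both be read from a peer's algorithm offer. The following is an added example, not part of the original article and not the researchers' scanner: it parses an SSH_MSG_KEXINIT payload (layout per RFC 4253, section 7.1) and reports whether the affected modes are offered and whether the peer advertises the fix. The `kex-strict-*` marker names are those used by OpenSSH and do not appear in the article; the function names and sample payloads are constructed for illustration.

```python
CHACHA = "chacha20-poly1305@openssh.com"
# Strict key exchange markers that patched OpenSSH peers add to their kex list.
STRICT = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip 1-byte message type and 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[off:off + 4], "big")  # uint32 length prefix
        raw = payload[off + 4:off + 4 + n]
        if off + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list: " + name)
        out[name] = raw.decode("ascii").split(",") if raw else []
        off += 4 + n
    return out

def terrapin_exposure(lists: dict) -> dict:
    """Assess one peer's offer; the fix only applies if BOTH peers advertise it."""
    affected = set()
    for d in ("c2s", "s2c"):
        enc, mac = lists["enc_" + d], lists["mac_" + d]
        if CHACHA in enc:
            affected.add(CHACHA)
        # CBC ciphers are only affected when paired with an Encrypt-then-MAC MAC.
        if any(e.endswith("-cbc") for e in enc) and any("-etm@" in m for m in mac):
            affected.add("cbc+etm")
    strict = bool(STRICT & set(lists["kex"]))
    return {"affected_modes": sorted(affected), "strict_kex": strict,
            "exposed": bool(affected) and not strict}

def build_kexinit(**lists) -> bytes:
    """Build a KEXINIT payload from name-lists (used for the constructed samples)."""
    body = b"\x14" + bytes(16)  # message type 20, all-zero cookie
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += len(s).to_bytes(4, "big") + s
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows, reserved

# Constructed samples, not captured traffic: an unpatched and a patched server offer.
UNPATCHED = build_kexinit(kex=["curve25519-sha256"], enc_c2s=[CHACHA, "aes128-ctr"],
                          enc_s2c=[CHACHA, "aes128-ctr"], mac_c2s=["hmac-sha2-256"],
                          mac_s2c=["hmac-sha2-256"])
PATCHED = build_kexinit(kex=["curve25519-sha256", "kex-strict-s-v00@openssh.com"],
                        enc_c2s=[CHACHA], enc_s2c=[CHACHA])
```

An offer flagged as `exposed` only matters if one of the affected modes is actually negotiated, so removing those modes from the configuration is an alternative where a peer cannot be upgraded.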
The attack has been given the CVE ID CVE-2023-48795.[9][3] In addition to the main attack, two other vulnerabilities were found in AsyncSSH, and assigned the CVE IDs CVE-2023-46445 and CVE-2023-46446.[3]