SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec – Source: securityboulevard.com

Source: securityboulevard.com – Author: Richi Jennings

[Image: line drawing of a diamondback terrapin]

Lurking vuln in SSH spec means every implementation must build patches.

A nasty vulnerability in a crucial bit of internet plumbing has emerged from the depths. Terrapin is a MitM attack on SSH—the secure shell protocol. German academic researchers discovered the flaw, but kept it secret until now, allowing SSH projects a head start to fix it.

Not an ideal time for most IT/DevOps shops to be rolling out patches. In today’s SB Blogwatch, we jingle bells.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Martian ’23.

Testy Testudine

What’s the craic? Zeljka Zorz reports—“SSH vulnerability exploitable”:

Pushing out fixes

Terrapin is a prefix truncation attack targeting the SSH protocol. … Aside from downgrading the SSH connection’s security by forcing it to use less secure client authentication algorithms, the attack can also be used to exploit vulnerabilities in SSH implementations.



The researchers have contacted nearly 30 providers of various SSH implementations and shared their research so they may provide fixes before publication. … But it will take a while for all clients and servers out there to be updated.



Vendors/maintainers of affected implementations, applications and Linux distros have been pushing out fixes, [including] AsyncSSH, LibSSH, OpenSSH, PuTTY, Transmit, SUSE … Dropbear SSH, Rust SSH, Thrussh, Paramiko, and libssh2.

Want more detail? Bill Toulas has your back—“Terrapin attacks can downgrade security”:

Both the client and the server

Terrapin … manipulates sequence numbers during the handshake process to break the SSH channel integrity when certain widely-used encryption modes are used. This … lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks.



Researchers from the Ruhr University Bochum developed the Terrapin attack … identified as CVE-2023-48795. [It] lowers the security of the established connection by truncating important negotiation messages without the client or server noticing it.



One solution is to implement a strict key exchange that makes package injection during the handshake unattainable. [But it] is only effective when implemented on both the client and the server.

Horse’s mouth? Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk—“Terrapin Attack”:

AES-GCM (RFC5647) is not affected

SSH is an internet standard that provides secure access to network services, particularly remote terminal login and file transfer. … Terrapin breaks the integrity of SSH’s secure channel … without the client or server noticing it … by truncating the extension negotiation message (RFC8308) [which] can lead to using less secure client authentication algorithms.



Terrapin applies to most real-world SSH sessions. … In practice, our attack can be applied against any connection using either ChaCha20-Poly1305 or any CBC-mode cipher in combination with the Encrypt-then-MAC paradigm. … If your SSH implementation supports (and is configured to offer) the chacha20-poly1305@openssh.com encryption algorithm, or any encryption algorithm suffixed -cbc in combination with any MAC algorithm suffixed -etm@openssh.com, you are vulnerable.



If you feel uncomfortable waiting for your SSH implementation to provide a patch, you can workaround this vulnerability by temporarily disabling the affected … algorithms in the configuration of your SSH server or client. … AES-GCM (RFC5647) is not affected by Terrapin as it does not use the SSH sequence numbers. Instead, AES-GCM uses the IV obtained from key derivation as its nonce.

Clever stuff. tptacek facepalms, furiously:

SSH … looks at the handshake as a vehicle for setting up a DH-style key exchange. That’s all it’s for—everything else happens inside the secure transport that key exchange provides. … The problem is: SSH also does implicit sequence numbers; receivers keep track of how many messages they’ve received, senders keep track of how many they’ve sent. Not only that, but SSH has (for reasons passing understanding) a NOP message (IGNORE) [which] carries no data used to do key generation … but it does impact sequence numbers.

Result: MITM attackers can set sequence numbers to arbitrary values (by injecting IGNORE in the handshake), and then edit out subsequent messages (by just not sending them). … This is a pretty obvious problem! It’s absolutely not something you can just accept from a secure transport protocol.

Lest we forget, this is a vulnerability in the protocol spec itself—not merely in one implementation. As Skrillor explains:

This vulnerability is notoriously hard to patch because it resides deep within the specification. Strict key exchange makes incompatible changes to the message and sequence number handling and is, therefore, locked behind an indicator string. If and only if both peers signal support for strict key exchange, the countermeasure can take effect.
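Two of the quotes above give an operator everything needed for a quick exposure check: the researchers’ algorithm criteria (ChaCha20-Poly1305, or a -cbc cipher together with a -etm@openssh.com MAC) and Skrillor’s point that the strict key exchange only helps when both peers signal it. The following is an added example, not code from this post or from the Terrapin researchers: a small parser for the SSH_MSG_KEXINIT message (RFC 4253 section 7.1) that applies those criteria to a peer’s offer, runs the RFC 4253 negotiation rule over a client/server pair, and looks for the strict-kex indicator strings. The indicator names `kex-strict-s-v00@openssh.com` and `kex-strict-c-v00@openssh.com` are the ones OpenSSH defined (the comment above does not spell them out); the KEXINIT payloads at the bottom are constructed samples, not captures.

```python
"""Terrapin (CVE-2023-48795) exposure check on SSH_MSG_KEXINIT payloads.
Added example; the sample offers below are constructed, not captured."""
import struct

SSH_MSG_KEXINIT = 20
# Pseudo-algorithm names a peer puts in kex_algorithms to signal strict kex
# (OpenSSH-defined; the server and client strings differ).
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"

# Order of the ten name-lists in KEXINIT (RFC 4253, section 7.1).
NAME_LIST_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def _name_list(names):
    """SSH name-list wire encoding: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(fields, first_kex_packet_follows=False):
    """Serialise a KEXINIT payload from a dict of name-lists (cookie left as zeros)."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in NAME_LIST_FIELDS:
        payload += _name_list(fields.get(field, []))
    return payload + bytes([1 if first_kex_packet_follows else 0]) + struct.pack(">I", 0)


def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict of name-lists; rejects truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip message id and 16-byte cookie
    for field in NAME_LIST_FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack_from(">I", payload, off)
        off += 4
        raw = payload[off:off + length]
        if len(raw) != length:
            raise ValueError("truncated name-list in " + field)
        off += length
        out[field] = [n for n in raw.decode("ascii").split(",") if n]
    if off + 5 > len(payload):  # boolean + reserved uint32
        raise ValueError("missing KEXINIT trailer")
    out["first_kex_packet_follows"] = bool(payload[off])
    return out


def assess_terrapin(kexinit, role):
    """What one peer ('server' or 'client') offers that Terrapin applies to."""
    ciphers = set(kexinit["encryption_algorithms_client_to_server"]) | set(
        kexinit["encryption_algorithms_server_to_client"])
    macs = set(kexinit["mac_algorithms_client_to_server"]) | set(
        kexinit["mac_algorithms_server_to_client"])
    cbc = sorted(c for c in ciphers if c.endswith("-cbc"))
    etm = sorted(m for m in macs if m.endswith("-etm@openssh.com"))
    flag = STRICT_KEX_SERVER if role == "server" else STRICT_KEX_CLIENT
    return {"chacha20_poly1305": "chacha20-poly1305@openssh.com" in ciphers,
            "cbc_ciphers": cbc, "etm_macs": etm,
            "cbc_with_etm": bool(cbc) and bool(etm),
            "strict_kex": flag in kexinit["kex_algorithms"]}


def connection_status(server_offer, client_offer):
    """RFC 4253 negotiation (first client preference the server also lists) in both
    directions; vulnerable = an affected cipher/MAC pair wins and strict kex is not
    signalled by BOTH peers."""
    def pick(field):
        return next((n for n in client_offer[field] if n in server_offer[field]), None)
    affected = False
    for direction in ("client_to_server", "server_to_client"):
        cipher, mac = pick("encryption_algorithms_" + direction), pick("mac_algorithms_" + direction)
        if cipher == "chacha20-poly1305@openssh.com":
            affected = True
        elif cipher and cipher.endswith("-cbc") and mac and mac.endswith("-etm@openssh.com"):
            affected = True
    both_strict = (STRICT_KEX_SERVER in server_offer["kex_algorithms"]
                   and STRICT_KEX_CLIENT in client_offer["kex_algorithms"])
    return {"affected_algorithms": affected, "strict_kex_both": both_strict,
            "vulnerable": affected and not both_strict}


def sample_offer(kex, ciphers, macs):
    """Constructed KEXINIT offering the same cipher/MAC lists in both directions."""
    return parse_kexinit(build_kexinit({
        "kex_algorithms": kex, "server_host_key_algorithms": ["ssh-ed25519"],
        "encryption_algorithms_client_to_server": ciphers,
        "encryption_algorithms_server_to_client": ciphers,
        "mac_algorithms_client_to_server": macs, "mac_algorithms_server_to_client": macs,
        "compression_algorithms_client_to_server": ["none"],
        "compression_algorithms_server_to_client": ["none"]}))


# Constructed samples: an unpatched server still leading with ChaCha20 and listing CBC,
# a hardened server (AES-GCM/CTR only, strict kex), and a patched client.
LEGACY_SERVER = sample_offer(["curve25519-sha256"],
                             ["chacha20-poly1305@openssh.com", "aes256-ctr", "aes256-cbc"],
                             ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
HARDENED_SERVER = sample_offer(["curve25519-sha256", STRICT_KEX_SERVER],
                               ["aes256-gcm@openssh.com", "aes256-ctr"],
                               ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
CLIENT = sample_offer(["curve25519-sha256", STRICT_KEX_CLIENT],
                      ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"],
                      ["hmac-sha2-256-etm@openssh.com"])

if __name__ == "__main__":
    for label, server in (("legacy", LEGACY_SERVER), ("hardened", HARDENED_SERVER)):
        print(label, assess_terrapin(server, "server"), connection_status(server, CLIENT))
```

The hardened sample reflects the researchers’ workaround: AES-GCM is untouched by Terrapin because it takes its nonce from key derivation rather than the sequence number, so a server that drops chacha20-poly1305@openssh.com and every -cbc cipher is safe even against a client that still prefers ChaCha20. In OpenSSH configuration that removal is expressed with a leading `-` on the `Ciphers` and `MACs` directives, which subtracts the named entries (wildcards allowed) from the default set instead of replacing it.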

And Ozzard agrees:

Protocol bugs: Always the hardest to fix. Lovely attack — props to the folks discovering it. Looks like I have a busy Christmas patching a very large number of systems.

Happy holidays, IT and DevOps. Pentium100 reminds us of the other option:

Disable that algorithm, I guess.

There might be wider implications. But u/CryptoOGkauai sees the silver lining:

The gist of it is: If you’re still using CBC ciphers instead of CTR ciphers for your AES256 SSH encryption then you’re going to get rekt. Get rid of CBC ciphers and you’re good, which has been best practice for a while.

Meanwhile, AnomalousBit brings us this uncomfortable mental image:

Yep you heard it too: The sound of thousands of ****holes clenching in unison.

And Finally:

The boxheads’ year

CW: Smoking, spiders, snakes, Shakira.

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Florida State Parks (public domain; leveled and cropped)

Original Post URL: https://securityboulevard.com/2023/12/ssh-terrapin-attack-richixbw/
