CVE-2023-48795: SSH Flaw Lets Hackers Strip Secrets From Your Connection

In the ever-evolving landscape of cybersecurity, a new threat has emerged, targeting the integrity of Secure Shell (SSH) communications – the Terrapin Attack. SSH, a vital tool for secure access to network services, is now under siege by this sophisticated method of sequence number manipulation.

At its core, the Terrapin Attack is a prefix truncation assault against the SSH protocol, disrupting the security of the SSH channel. By strategically adjusting sequence numbers during the handshake process, attackers can covertly remove crucial messages from either the client or server, undetected. This vulnerability not only jeopardizes the channel’s integrity but also downgrades connection security, potentially leading to the use of less secure client authentication algorithms and disabling vital countermeasures against keystroke timing attacks.

The Terrapin Attack includes three CVE vulnerabilities:

• CVE-2023-48795: General Protocol Flaw
  CVE-2023-48795 (CVSS 5.9) revolves around the manipulation of sequence numbers during the SSH handshake process. An attacker, by employing this method, can strategically remove initial messages on the secure channel without triggering a MAC (Message Authentication Code) failure. This capability might seem innocuous at first glance, but its implications are far-reaching.For instance, an attacker can disable the ping extension, a critical feature in OpenSSH 9.5 designed to counteract keystroke timing attacks. These timing attacks, though subtle, pose significant risks in secure communications, making this vulnerability especially concerning for users relying on the latest versions of OpenSSH for enhanced security.

  Despite its innovative cryptographic approach, the security impact of CVE-2023-48795 is fortunately limited. The attack can only result in the deletion of consecutive messages. In practical terms, this means that removing most messages at this stage of the protocol halts user authentication, leading to a stalled connection rather than a compromised one.

  However, one cannot overlook the most significant impact identified: the CVE-2023-48795 vulnerability allows a Man-in-the-Middle (MITM) attacker to delete the SSH2_MSG_EXT_INFO message sent before authentication. This deletion effectively disables a subset of features designed to obscure keystroke timing, albeit without any other observable impact on session secrecy or integrity.

• CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
• CVE-2023-46446: Rogue Session Attack in AsyncSSH

The origins of this threat trace back to the research team at Ruhr University Bochum, consisting of Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk. Their research has unveiled Terrapin’s capacity to exploit flaws in the AsyncSSH server’s state machine, allowing for potent phishing attacks and even granting attackers Man-in-the-Middle (MitM) capabilities within encrypted sessions.

Executing the Terrapin Attack requires MitM capabilities at the network layer, meaning the attacker must intercept and modify the connection’s traffic. Moreover, the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption modes. Alarmingly, these encryption modes are widely adopted, making most real-world SSH sessions vulnerable.

In response to this threat, researchers have provided a simple Go-based console application, serving as a vulnerability scanner. This tool assesses whether an SSH server or client is susceptible to the Terrapin Attack. While it does not perform a full handshake or execute the attack, it is an essential resource for administrators seeking to safeguard their networks.

Administrators wondering about the immediacy of addressing this issue can breathe a slight sigh of relief. The attack requires a specific set of conditions to be met, including an active MitM attacker and the negotiation of specific encryption modes. However, as a precaution, it is advised to disable affected encryption algorithms and adopt alternatives like AES-GCM, keeping in mind potential compatibility issues and other vulnerabilities.

The implications of the Terrapin attack are significant, particularly in terms of security downgrades during SSH extension negotiations. This could affect client authentication security, especially when using RSA public keys, and in some cases, may deactivate countermeasures against keystroke timing attacks in OpenSSH 9.5.

The Terrapin attack has been acknowledged by multiple vendors, leading to updates in SSH implementations to support an optional strict key exchange. This measure, while effective, requires support from both client and server to be effective.