The Terrapin Attack: A New Threat to SSH Integrity
Researchers at Ruhr University have found a significant vulnerability that targets the SSH protocol by manipulating the handshake process.
SECURITY
1/3/20241 min read
This new vulnerability, Terrapin, breaks the integrity of SSH’s secure channel. Yes, that’s just as bad as it sounds.
Anyone who does anything on the cloud or programming uses Secure Shell (SSH). So any vulnerability is bad news. Guess what? I’ve got some bad news. Researchers at Ruhr University have found a significant vulnerability in the SSH cryptographic network protocol, which they’ve labeled Terrapin.
This new security vulnerability, which has gotten three CVEs, CVE-2023-48795: General Protocol Flaw; CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH; and CVE-2023-46446: Rogue Session Attack in AsyncSSH poses a serious threat to internet security. Terrapin enables attackers to compromise the integrity of SSH connections, which are widely used for secure access to network services.
More Information: https://thenewstack.io/the-terrapin-attack-a-new-threat-to-ssh-integrity/
