Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.

One of the simplest ways to mitigate this issue is to exclude ChaCha20-Poly1305 from the list of permitted ciphers. However, the main drawback is the potential inability to establish connections due to the incompatibility of the list.

The researcher provided a tool to verify the presence of the vulnerability in your installation.

https://github.com/RUB-NDS/Terrapin-Scanner

PS C:\Users\user\Downloads> .\Terrapin_Scanner_Windows_amd64.exe --connect example.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: true

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. Glad to see this.
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

I tested it, and it generates either a regular console output or a JSON output for machine processing.

PS C:\Users\user\Downloads> .\Terrapin_Scanner_Windows_amd64.exe --connect example.com --json
{
    "Banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5",
    "SupportsChaCha20": true,
    "SupportsCbcEtm": false,
    "SupportsStrictKex": true,
    "Vulnerable": false
}

No need to panic, but please install the updates or mitigations, and keep track of the company’s overall progress using a security scanner or the simple scan application mentioned above.