Risk assessment: Medium-High
Posted: December 19, 2023
Description
When certain SSH cipher algorithms are used for key exchange, the SSH2 protocol is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack).
The vulnerable cipher algorithms are:
- ChaCha20-Poly1305 (chacha20-poly1305@openssh.com)
- Encrypt-then-MAC (-etm@openssh.com MAC algorithms)
These vulnerable algorithms allow a man-in-the-middle attacker to strip out an arbitrary number of messages immediately after the initial key exchange, breaking SSH extension negotiation (RFC 8308) and downgrading connection security.
To mitigate this SSH protocol vulnerability, SecureCRT/SecureFX 9.4.3 and VShell 4.9.1 now support a "strict KEX" extension. This extension alters the SSH handshake to ensure a man-in-the-middle attacker cannot introduce unauthenticated messages or convey sequence number manipulation across handshakes.
Warning:
For the fix to work, the "strict KEX" extension must also be supported by the server(s) to which SecureCRT and SecureFX are connecting and by the clients connecting to VShell.
Products Affected
- SecureCRT (SSH2): versions 9.4.2 and older (all platforms).
- SecureFX (SCP/SFTP): versions 9.4.2 and older (all platforms).
- VShell (SSH2/SFTP server): versions 4.9.0 and older (all platforms).
Recommended Solutions
- SecureCRT: Upgrade to version 9.4.3 or newer (all platforms)
- SecureFX: Upgrade to version 9.4.3 or newer (all platforms)
- Upgrade to VShell 4.9.1 or newer (all platforms).
Note:
For temporary mitigation, SecureCRT, SecureFX, and VShell can be configured to disallow the affected algorithms and use unaffected alternatives such as AES-GCM.
Vulnerability Fix Downloads
Official Postings
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://terrapin-attack.com
Revision History
December 19, 2023 – Security Advisory Published
VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.
