
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
We are starting to see the Terrapin vulnerability more and more with our customers. This security hole from December 2023 allows hackers to exploit weaknesses in security certificate management, leading to unauthorized access and potential data loss or system compromise.
What is the Terrapin vulnerability?
The Terrapin vulnerability is caused by a flaw in the SSH protocol that affects how communication is passed back and forth during the establishment of a secure connection. The flaw lies in the process when clients and servers handshake and establish a connection.
In order to exploit the Terrapin vulnerability, the attacker must be able to perform a “man in the middle” (MitM) attack on the network. This means that the attacker must have access to the network.
With the Terrapin vulnerability, the attacker can change the encryption ciphers used to encrypt traffic. Thus, it will be possible to weaken the encryption, making data easier to decrypt and read.
Our recommendation
Since exploiting the vulnerability requires some expertise on the part of the attacker and access to the network, it is not a vulnerability you should throw everything you have at solving. However, it is something we believe you should include in your risk assessment, and if you are dealing with a critical system or critical data (business critical, socially critical or similar), you should address the vulnerability and have it mitigated within a reasonable timeframe.
Once an attacker gains access, the vulnerability is a way to further escalate their attack.
Impact
To mitigate the Terrapin vulnerability, both clients and servers need to be updated to the latest SSH version. For example, if the update has been rolled out on the clients but is missing on the servers, the vulnerability can still be exploited. The connection always uses the latest version that both sides support. Since the server does not have the latest version, the server's version is used, which leaves the vulnerability open.
Updating both servers and clients can be a resource-intensive task.
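To see which client/server pairs are still missing the fix, you can compare the algorithm lists each side advertises in its SSH_MSG_KEXINIT message. The sketch below is an added example, not code from this article or from any SSH project. It assumes the OpenSSH strict key exchange marker names and the affected cipher modes published by the Terrapin researchers, and build_kexinit produces constructed sample messages in place of a network capture.

```python
import struct

# Marker names of the OpenSSH "strict KEX" countermeasure and the cipher modes
# the Terrapin researchers list as affected (ChaCha20-Poly1305, CBC with EtM MACs).
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and random cookie (16 bytes)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += size
    return out

def negotiated(client_list, server_list):
    """RFC 4253 rule: the first client preference the server also supports."""
    return next((a for a in client_list if a in server_list), None)

def assess(client: dict, server: dict) -> str:
    """Classify one client/server pair from what each side advertises."""
    if STRICT_CLIENT in client["kex"] and STRICT_SERVER in server["kex"]:
        return "mitigated: both sides advertise strict KEX"
    for enc, mac in (("enc_c2s", "mac_c2s"), ("enc_s2c", "mac_s2c")):
        cipher = negotiated(client[enc], server[enc]) or ""
        tag = negotiated(client[mac], server[mac]) or ""
        if cipher == CHACHA or (cipher.endswith("-cbc") and "-etm@" in tag):
            return f"exposed: {cipher} without strict KEX"
    return "not exposed: no affected cipher mode negotiated"

def build_kexinit(kex, enc, mac) -> bytes:
    """Constructed sample message, used here instead of a network capture."""
    lists = [kex, ["ssh-ed25519"], enc, enc, mac, mac, ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode() for l in lists))
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)
```

Passing the parsed KEXINIT of an updated client and a server without the update to assess() returns an "exposed" verdict whenever the pair settles on one of the affected cipher modes, which is the mixed-rollout case described above.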
We have created a short guide on how to fix vulnerabilities: https://retest.dk/vulnerabilities-base/ssh-terrapin-prefix-truncation-weakness-cve-2023-48795/