Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

SonicWall Security Advisory

On December 18th, 2023, researchers from the Ruhr University
Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin
Attack.

The flaw allows removing encrypted SSH messages at the begin
of the communication, allowing downgrade of security aspects of SSH
connections.

This occurs because the SSH Binary Packet Protocol (BPP), mishandles the handshake phase, and mishandles
use of sequence numbers.

To carry out the Terrapin attack, a threat actor must be
capable of performing a man-in-the-middle (MITM) attack at the network layer. Another precondition
is that the connection must be secured by either ChaCha20-Poly1305 or CBC with
Encrypt-then-MAC.

SonicWall is investigating its product line to determine which products and services may be affected by this vulnerability and the Affected and Fixed Products(s) can change as more information becomes available.

CVE: CVE-2023-48795
Last updated: Jan. 16, 2024, 6:37 a.m.

READ MORE