SSH Vulnerability Used in Terrapin Attacks (CVE-2023-48795)

Qualys Security Advisory

Academic researchers have discovered a vulnerability in SSH cryptographic network protocol that can be used in an attack called Terrapin, a prefix truncation attack. Tracked as CVE-2023-48795, the vulnerability allows attackers to lower the security of established connections by truncating the extension negotiation message.

SSH is an internet standard that offers safe access to over 15 million servers on the open internet and network services, including file transfers and remote terminal logins inside the company networks.

The Terrapin Attack

An attacker can delete any messages delivered by the client or server at the start of the secure channel without the client or server recognizing it by carefully manipulating the sequence numbers during the handshake.

An attacker may perform an attack by truncating the extension negotiation message (RFC8308) from the transcript, lowering the connection’s security. In OpenSSH 9.5, the truncation may result in using less secure client authentication algorithms and deactivating protections against keyboard timing attacks.

Terrapin can be used to enable the exploitation of implementation flaws. Security researchers of Ruhr University Bochum have discovered various flaws in the state machine of the AsyncSSH servers that let an attacker sign a victim’s client into a different account without the victim realizing it. As a result, it will strengthen the possibility of phishing attacks and might even provide the attacker access to the encrypted session via Man-in-the-Middle (MitM) techniques.

As per the researchers’ blog, “Many vendors have updated their SSH implementation to support an optional strict key exchange. Strict key exchange is a backward-incompatible change to the SSH handshake which introduces sequence number resets and takes away an attacker’s capability to inject packets during the initial, unencrypted handshake.”


Vendors/maintainers of affected implementations, applications, and Linux distros such as AsyncSSH, LibSSH, OpenSSH, PuTTY, Transmit, SUSE, and others have been pushing out fixes.

Qualys Detection

Qualys customers can scan their devices with QIDs 755499, 755498, 755497, 755496, 691379, 200018, 200017, 996391, 356795, 356794, 35679, 996375, and 996349 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.