What is it?

Secure Shell (SSH) allows commands to be sent securely to computers remotely across unsecure networks (like the Internet).

Certain versions of SSH allow an attacker who can intercept SSH traffic to downgrade the connection's security and force the use of less secure client authentication algorithms.

This vulnerability is called the “Terrapin Attack”. The link below provides more details.

Why is it a risk?

By exploiting this vulnerability, an attacker may sign a victim's client into another account without the victim noticing. This enables strong phishing attacks and may grant the attacker Man-in-the-Middle (MitM) capabilities within the encrypted session.

Numerous other services that you might be running rely on SSH (for example, certain FTP and screen sharing servers), so your risk is NOT eliminated by simply disabling SSH.

The risk of this vulnerability is considered “Moderate”.

How can you mitigate the risk?

Each server installation is slightly different, so the exact steps vary from one Operating System version to another. ALL mitigations involve blocking the ETM HMACs and the ChaCha20 cipher.

The primary solution is updating OpenSSH to version 9.6p1 or later. For older servers, you can manually change the configuration to NOT include the risky cipher and HMACs.

The Dev Community page linked below provides instructions for several common setups.
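As an added example (not part of this advisory or the pages it links to), a small Python audit that rewrites an sshd_config fragment the way the manual mitigation describes: it drops the ChaCha20 cipher and every encrypt-then-MAC (`-etm`) HMAC from explicit Ciphers/MACs lines and sets explicit lists where the option was absent. The sample config and the fallback algorithm lists are constructed for the example; the algorithm names themselves are OpenSSH's own.

```python
import re

# Algorithm identifiers (OpenSSH's own names) the advisory says to block on
# servers older than OpenSSH 9.6p1: the ChaCha20 cipher and every "-etm" MAC.
VULNERABLE_CIPHER = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"

# Constructed fallback lists, used when an option is missing or would end up
# empty (an unset option means the built-in default, which on older releases
# still contains the algorithms above).
SAFE_CIPHERS = "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr"
SAFE_MACS = "hmac-sha2-512,hmac-sha2-256"


def is_terrapin_algo(keyword, algo):
    """True if `algo` is one the advisory says to remove for this keyword."""
    if keyword == "ciphers":
        return algo == VULNERABLE_CIPHER
    return keyword == "macs" and algo.endswith(ETM_SUFFIX)


def harden_sshd_config(text):
    """Return (hardened_config, removed_algorithms) for an sshd_config text.

    Assumes explicit algorithm lists, not the '+', '-' or '^' list modifiers.
    """
    out, removed, seen = [], [], set()
    for line in text.splitlines():
        m = re.match(r"^\s*(Ciphers|MACs)\s+(\S+)\s*$", line, re.IGNORECASE)
        if not m:
            out.append(line)  # unrelated directive: pass through unchanged
            continue
        keyword = m.group(1).lower()
        seen.add(keyword)
        algos = m.group(2).split(",")
        kept = [a for a in algos if not is_terrapin_algo(keyword, a)]
        removed += [a for a in algos if is_terrapin_algo(keyword, a)]
        if not kept:  # only risky algorithms were listed; an empty list is invalid
            kept = (SAFE_CIPHERS if keyword == "ciphers" else SAFE_MACS).split(",")
        out.append(f"{m.group(1)} {','.join(kept)}")
    # Options that were never set inherit the vulnerable defaults: set them.
    if "ciphers" not in seen:
        out.append(f"Ciphers {SAFE_CIPHERS}")
    if "macs" not in seen:
        out.append(f"MACs {SAFE_MACS}")
    return "\n".join(out) + "\n", removed


# Constructed sample: a fragment of an older server's sshd_config.
SAMPLE_CONFIG = """Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
"""
```

Check the rewritten file with `sshd -t` before reloading the service, since a typo in an algorithm list stops sshd from starting.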

Resources:

Terrapin Attack Explained

https://terrapin-attack.com/

Dev Community - Terrapin attack on SSH: what do you need to know

https://dev.to/staex/terrapin-attack-on-ssh-what-do-you-need-to-know-2ffd
