The Terrapin vulnerability CVE-2023-48795 compromises secure access to network services, posing a threat to internet security.
Anuj Mudaliar Assistant Editor - Tech, SWZD
January 3, 2024
- Security researchers have discovered a new vulnerability called Terrapin that impacts the Secure Shell (SSH) network protocol.
- According to the study, at least 77% of SSH servers support modes that can be exploited through the vulnerability.
Security researchers from Germany’s Ruhr University Bochum have found a vulnerability in Secure Shell (SSH) cryptographic network protocol that can enable malicious actors to reduce protections in what is normally considered a secure channel. The vulnerability is known as Terrapin, the CVE-2023-48795, which is a prefix truncation attack.
The Terrapin vulnerability allows attackers to extract messages from servers and clients by making changes to sequence numbers during handshake processes to establish secure communication channels. This reduces the security of the connections, weakening authentication algorithms and stopping protections against attacks that involve timing keystrokes.
See More: 1.3M LoanCare Borrowers Data Exfiltrated in Fidelity National Financial Breach
The vulnerability is the very first practically exploitable prefix truncation attack found by researchers, which is part of a new group of attacks that primarily target cryptographic network protocols.
To execute a Terrapin attack, threat actors need the capabilities to perform man-in-the-middle attacks to adjust traffic at the network layer. They especially affect encryption algorithms with the -cbc suffix.
Using vulnerability scanners has been recommended to check for susceptible servers and clients. In addition, client and server updates and long-term awareness programs will be required to stave off the effects of the Terrapin vulnerability.
What measures does your organization follow to mitigate security vulnerabilities? Let us know your thoughts on LinkedInOpens a new window , XOpens a new window , or FacebookOpens a new window . We’d love to hear from you!
Image source: Shutterstock
LATEST NEWS STORIES
Assistant Editor - Tech, SWZD
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.
