"SSH Vulnerability Exploitable in Terrapin Attacks"

Security researchers at Ruhr-Universität Bochum discovered a flaw in the SSH cryptographic network protocol that could enable an attacker to reduce the security of the SSH connection by truncating the extension negotiation message. According to the researchers, Terrapin is a prefix truncation attack that targets the SSH protocol. An attacker can remove an arbitrary number of messages sent by the client or server at the start of the secure channel by carefully adjusting the sequence numbers during the handshake, without the client or server noticing. In addition to lowering the security of the SSH connection by making it to use less secure client authentication algorithms, the attack can be used to exploit flaws in SSH implementations. This article continues to discuss the Terrapin attack.

Help Net Security reports "SSH Vulnerability Exploitable in Terrapin Attacks"

Submitted by grigby1