Power

 View Only
Expand all | Collapse all

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

  • 1.  SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

    Posted Thu January 18, 2024 12:54 PM

    Our Security team has identified our sshd server as vulnerable to the Terrapin attack. 

    "The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

    Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions."

    They have identified all our VIO servers as vulnerable. 

    I have tried to Add ONLY the ciphers and Macs in /etc/ssh/sshd_config file that are not vulnerable and restarted the sshd service, but it didn't work.

    Please provide a fix asap.

    Thanks,



    ------------------------------
    Scott Gruber
    ------------------------------


  • 2.  RE: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

    Posted Wed January 24, 2024 05:12 PM

    ... same for us. Is there any known workaround available?



    ------------------------------
    Joerg Humm
    ------------------------------



  • 3.  RE: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

    Posted Wed January 24, 2024 05:27 PM
    I found out that these entries need to be in /etc/ssh/sshd_config
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    MACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512


  • 4.  RE: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

    Posted Wed January 24, 2024 05:28 PM