Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.
This manipulation lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks in OpenSSH 9.5.
[...]
Terrapin attacks can downgrade security of OpenSSH connections
Terrapin attacks can downgrade security of OpenSSH connections
-
rbc
- President
- Posts: 273
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Terrapin attacks can downgrade security of OpenSSH connections
Robert B. Carleton + ISC2 Central Mississippi President