Page 1 of 1

Terrapin attacks can downgrade security of OpenSSH connections

Posted: Wed Dec 20, 2023 2:50 pm
by rbc
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.

This manipulation lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks in OpenSSH 9.5.
[...]
Terrapin attacks can downgrade security of OpenSSH connections