The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API prior to 3.1.0-SNAPSHOT, Dropbear up to and including 2022.83, Ssh prior to 5.1.1 in Erlang/OTP, PuTTY prior to 0.80, AsyncSSH prior to 2.14.2, golang.org/x/crypto prior to 0.17.0, libssh prior to 0.10.6, libssh2 up to and including 1.11.0, Thorn Tech SFTP Gateway prior to 3.4.6, Tera Term prior to 5.1, Paramiko prior to 3.4.0, jsch prior to 0.2.15, SFTPGo prior to 2.5.6, Netgate pfSense Plus up to and including 23.09.1, Netgate pfSense CE up to and including 2.7.2, HPN-SSH up to and including 18.2.0, ProFTPD prior to 1.3.8b (and prior to 1.3.9rc2), ORYX CycloneSSH prior to 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP prior to 10.6.0, ConnectBot SSH library prior to 2.2.22, Apache MINA sshd up to and including 2.11.0, sshj up to and including 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla prior to 3.66.4, Nova prior to 11.8, PKIX-SSH prior to 14.4, SecureCRT prior to 9.4.3, Transmit5 prior to 5.10.4, Win32-OpenSSH prior to 9.5.0.0p1-Beta, WinSCP prior to 6.2.2, Bitvise SSH Server prior to 9.32, Bitvise SSH Client prior to 9.33, KiTTY up to and including 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module prior to 1.15.0 for Node.js, the thrussh library prior to 0.35.1 for Rust, and the Russh crate prior to 0.40.2 for Rust.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh |
||
putty putty |
||
filezilla-project filezilla client |
||
microsoft powershell |
||
panic transmit_5 |
||
panic nova |
||
roumenpetrov pkixssh |
||
winscp winscp |
||
bitvise ssh client |
||
bitvise ssh server |
||
lancom-systems lcos |
||
lancom-systems lcos fx - |
||
lancom-systems lcos lx - |
||
lancom-systems lcos sx 5.20 |
||
lancom-systems lcos sx 4.20 |
||
lancom-systems lanconfig - |
||
vandyke securecrt |
||
libssh libssh |
||
net-ssh net-ssh 7.2.0 |
||
ssh2 project ssh2 |
||
proftpd proftpd |
||
freebsd freebsd |
||
crates thrussh |
||
tera term project tera term |
||
oryx-embedded cyclone ssh |
||
crushftp crushftp |
||
netsarang xshell 7 |
||
paramiko paramiko |
||
redhat openshift container platform 4.0 |
||
redhat openstack platform 16.1 |
||
redhat openstack platform 16.2 |
||
redhat openstack platform 17.1 |
||
redhat ceph storage 6.0 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 9.0 |
||
redhat openshift serverless - |
||
redhat openshift gitops - |
||
redhat openshift pipelines - |
||
redhat openshift developer tools and services - |
||
redhat openshift data foundation 4.0 |
||
redhat openshift api for data protection - |
||
redhat openshift virtualization 4 |
||
redhat storage 3.0 |
||
redhat discovery - |
||
redhat openshift dev spaces - |
||
redhat cert-manager operator for red hat openshift - |
||
redhat keycloak - |
||
redhat jboss enterprise application platform 7.0 |
||
redhat single sign-on 7.0 |
||
redhat advanced cluster security 4.0 |
||
redhat advanced cluster security 3.0 |
||
golang crypto |
||
russh project russh |
||
sftpgo project sftpgo |
||
erlang erlang\\/otp |
||
matez jsch |
||
libssh2 libssh2 |
||
asyncssh project asyncssh |
||
dropbear ssh project dropbear ssh |
||
jadaptive maverick synergy java ssh api |
||
ssh ssh |
||
thorntech sftp gateway firmware |
||
netgate pfsense plus |
||
netgate pfsense ce |
||
connectbot sshlib |
||
apache sshd |
||
apache sshj |
||
tinyssh tinyssh |
||
trilead ssh2 6401 |
||
kitty project kitty |
||
gentoo security - |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources No need to panic, but grab those updates or mitigations anyway just to be safe
A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right. In a successful man-in-the-middle attack, the adversary may be able to force SSH clients to use weaker authentication methods and disable some defense mechanisms. It is hard right now to pin down the true realistic impact of the flaw because it all depends on individual client-server configurations, implementations of the protocol, and other var...