
Terrapin-Attack Style Vulnerability Likely Exploited for 2 Years!!

I wanted to share some insights into a security concern that echoes the Terrapin-Attack scenario, highlighting a similar vulnerability that has been observed in other tools.

Recently, I came across a Pull Request on GitHub for the SSH-MITM tool, which sheds light on a critical aspect of SSH protocol security, specifically regarding RFC 4253 during the KEXINIT process. The Pull Request, available on GitHub at https://github.com/ssh-mitm/ssh-mitm/pull/163, describes the necessity of discarding certain packets during the KEXINIT phase to prevent issues with intercepted clients.

Moreover, a look into the GitHub Blame for SSH-MITM reveals that these crucial changes in the KEXINIT step were integrated into SSH-MITM about 1-2 years ago. You can see the specific changes at this link: https://github.com/ssh-mitm/ssh-mitm/blame/4fc3ef418847c35d1...

An important note to add is that this information suggests that a similar form of attack, akin to the Terrapin-Attack, could potentially have been exploited for the last two years. This raises significant concerns about the historical vulnerability of systems to such attack techniques and emphasizes the importance of retroactive security analysis in addition to ongoing vigilance.

The approach taken by ssh-mitm differs quite significantly, as already mentioned by Manfred Kaiser in the issue linked above. Most significantly, ssh-mitm basically establishes two connections (one as a server, one as a client) and forwards messages between the two. This, however, requires the client to accept the hostkey from the MitM (or the MitM to get hold of the private key of the server's hostkey). In comparison, our attack manipulates a single connection, without the attacker knowing the hostkey or a client accepting a malicious hostkey. For more details, see the issue here: https://github.com/ssh-mitm/ssh-mitm/issues/165


There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165