Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol. “By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the … More
The post SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) appeared first on Help Net Security.