CVE-2023-48795, also known as the Terrapin attack, is a prefix truncation vulnerability in the SSH protocol. This flaw allows a man-in-the-middle (MitM) attacker to downgrade connection security by manipulating sequence numbers during the handshake. The result? Attackers can delete messages at the beginning of the secure channel, compromising the integrity of the connection.
What is CVE-2023-48795 Vulnerability?
CVE-2023-48795 is a significant vulnerability within the Secure Shell (SSH) transport protocol. It enables a MitM attacker to bypass integrity checks by truncating the initial messages exchanged during a secure handshake. By carefully manipulating sequence numbers, an attacker can delete a specific number of messages from the beginning of the communication without the client or server noticing. This compromises the channel's integrity, potentially allowing for the downgrade of public key authentication algorithms or other security features.
When was it Discovered?
The vulnerability was discovered by researchers at the Ruhr University Bochum in Germany. They publicly disclosed their findings and the details of the Terrapin attack on December 18, 2023. The coordinated disclosure involved multiple vendors to ensure patches and guidance were available to address the widespread issue impacting numerous SSH implementations.
Affected Products & Versions
The Terrapin attack impacts a broad range of SSH clients and servers that support specific encryption modes. Any implementation using ChaCha20-Poly1305 or any CBC cipher combined with Encrypt-then-MAC is potentially vulnerable. This has a wide-reaching effect across the software landscape.
Product | Versions Affected | Fixed Versions / Patch Links |
OpenSSH | All versions before 9.6 | OpenSSH 9.6+ |
PuTTY | 0.68 to 0.79 | 0.80+ |
AsyncSSH | All versions before 2.14.2 | 2.14.2+ |
libssh | All versions before 0.10.6 and 0.9.8 | 0.10.6, 0.9.8 |
Paramiko | All versions before 3.4.0 | 3.4.0+ |
ProFTPD | All versions before 1.3.8b and 1.3.9rc2 | 1.3.8b, 1.3.9rc2 |
Note: This table is not exhaustive. Many other products are affected. Check with your software vendors for specific advisories.
CVE-2023-48795 Technical Description
The root cause of the CVE-2023-48795 vulnerability lies in how the SSH protocol handles sequence numbers during the initial key exchange. An active MitM attacker can intercept the connection and inject specific, unencrypted packets before the secure communication channel is fully established. This action desynchronizes the message sequence numbers between the client and server.
Because the handshake integrity is not protected in certain configurations, the attacker can manipulate the SSH_MSG_EXT_INFO message, which is optional and negotiated. By truncating this message, they can control how many initial packets are "ignored" by the receiver. This allows the attacker to selectively delete messages sent by the client or server at the beginning of the encrypted session, effectively weakening the security of the entire connection. The flaw breaks the assumption that the initial key exchange is tamper-proof.
Tactics, Techniques & Procedures (TTPs)
Threat actors exploiting CVE-2023-48795 primarily use Man-in-the-Middle (MitM) attacks. The core TTP involves intercepting the SSH handshake between a client and a server. From there, the attacker injects specially crafted packets to manipulate sequence numbers and then selectively removes early-session messages to downgrade security protocols. This could lead to weaker authentication methods being used, making it easier for them to compromise the session later.
Indicators of Compromise
Detecting an active Terrapin attack can be tricky since it happens at the protocol level. However, Indicators of Compromise (IOCs) for the CVE-2023-48795 exploit include unexpected SSH connection failures or resets, particularly after the initial handshake. Network monitoring may reveal unusual packet injections during the SSH negotiation phase. System administrators should also watch for logs indicating a failure to negotiate EXT_INFO or sudden downgrades in cipher suite strength.
Known Proof-of-Concepts & Exploits
Since its disclosure, researchers have released a proof-of-concept (PoC) scanner that can check if an SSH server is vulnerable to the Terrapin attack. This tool helps administrators identify affected systems. While widespread, active exploitation in the wild has not been heavily reported, the availability of a public PoC and the broad attack surface mean the risk is very real. It's only a matter of time before threat actors start adding this to their standard playbook.
How to Detect CVE-2023-48795 Vulnerability?
You can detect the CVE-2023-48795 vulnerability using several methods. Network scanners, such as the one released by the original researchers, can actively probe SSH servers to check for the flaw. On the host side, you can check the versions of your SSH clients and servers against the list of affected software. For security teams using a SIEM, monitor for an unusual number of failed SSH handshakes or logs that show errors related to unexpected sequence numbers.
Impact & Risk of CVE-2023-48795 Vulnerability
The impact of the CVE-2023-48795 vulnerability is primarily the degradation of connection security. While it doesn't directly lead to code execution or data decryption, it cripples the integrity of the SSH channel. This opens the door for other attacks. For example, an attacker could disable specific security features, like keystroke timing obfuscation in OpenSSH, making the session more vulnerable to traffic analysis. The biggest risk is that it weakens trust in a protocol that is the backbone of secure remote administration.
Mitigation & Remediation Strategies
Let's get this fixed. The primary mitigation for CVE-2023-48795 is to patch your systems. Update all SSH clients and servers to the latest versions that include fixes for this vulnerability. Most major vendors have already released patches.
If patching isn't an option right away, you can implement a workaround. Configure your SSH servers and clients to disable the vulnerable ChaCha20-Poly1305 and CBC-mode ciphers. Instead, prioritize robust ciphers like AES-GCM. This move effectively closes the door on the Terrapin attack by removing the conditions it needs to succeed.
[[FAQ]]CVE-2023-48795 Vulnerability FAQs
[[Q]]What is CVE-2023-48795 and how does it work?
[[A]]CVE-2023-48795, or the Terrapin attack, is a vulnerability in the SSH protocol. It allows a man-in-the-middle attacker to truncate the initial messages of a secure connection by manipulating sequence numbers. This compromises the integrity of the handshake, potentially allowing the attacker to downgrade the connection's security.
[[Q]]How does CVE-2023-48795 infect systems?
[[A]]This vulnerability isn't an "infection" like malware. Instead, it's a protocol-level flaw that is exploited during an active SSH session. An attacker must first gain a position between the client and server (MitM) to intercept and modify the connection handshake as it happens.
[[Q]]Is CVE-2023-48795 still a threat in 2025?
[[A]]Yes, it absolutely remains a threat. Any unpatched SSH client or server using vulnerable ciphers is still exposed. As long as legacy systems exist or administrators neglect updates, attackers can and will exploit this flaw to weaken secure connections.
[[Q]]How can organizations protect themselves from CVE-2023-48795?
[[A]]Protection is straightforward: patch everything. Update all SSH clients and servers to versions that address CVE-2023-48795. If you can't patch immediately, reconfigure your SSH settings to disable the affected ciphers (ChaCha20-Poly1305 and any CBC ciphers) and prioritize more secure alternatives.
Protect What Matters
