CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score: 7.4 High (Confidence: Low)
EPSS: 0.962 High (Percentile: 99.5%)
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection’s security by breaking the integrity of the secure channel.
Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the “first-ever practically exploitable prefix truncation attack.”
In a real-world scenario, an attacker could exploit this vulnerability to intercept sensitive data or gain control over critical systems using administrator-privileged access.
Weak SSH algorithms refer to the encryption and key exchange methods utilized in the Secure Shell (SSH) protocol, highlighting the security vulnerabilities or obsolescence associated with these algorithms. SSH is a protocol for establishing secure network connections and is often used to provide secure access to remote systems. However, some outdated or vulnerable algorithms can increase information security risks.
When such weak algorithms are used, attackers can more easily access encrypted data by targeting these vulnerabilities. Weak SSH algorithms can make it easier for malicious actors to crack passwords or gain access. Furthermore, using these algorithms makes secure connections more vulnerable and can increase the risk of unauthorized access.
HackerOne reports:
https://hackerone.com/reports/2431683 (Nextcloud report)
https://hackerone.com/reports/318068
Reference:
https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html
https://threatmon.io/vulnerability/weak-ssh-algorithms-discovered/
https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/
Target:
scan.nextcloud.com (95.217.53.149)
Steps To Reproduce:
1: Detection of weak and vulnerable algorithms
Tools: Nmap, ssh-audit
nmap --script ssh2-enum-algos target -sV -p-
# SSH-AUDIT
ssh-audit Target
https://www.sshaudit.com/
ssh-audit scan file:
nmap scan file:
2: Detection of Terrapin attack
To be vulnerable, the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC, and no kex-strict-s-v00@openssh.com key exchange marker is offered by this target.
They also created a vulnerability scanner for this:
https://github.com/RUB-NDS/Terrapin-Scanner
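The condition in step 2 can be checked directly against the algorithm lists that the nmap command in step 1 prints. The following is an added example, not part of the original report and not code from Terrapin-Scanner or ssh-audit; the function names and the sample scan text are constructed for illustration, and the check covers only the server side (the peer must also offer its own strict-kex marker for the channel to be protected).

```python
import re

KEX_STRICT_SERVER = "kex-strict-s-v00@openssh.com"  # OpenSSH server-side strict-kex marker
CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample in the layout printed by nmap's ssh2-enum-algos script.
SAMPLE_NMAP = """\
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       curve25519-sha256
|       diffie-hellman-group14-sha1
|   encryption_algorithms: (3)
|       chacha20-poly1305@openssh.com
|       aes256-ctr
|       aes128-cbc
|   mac_algorithms: (2)
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha1
|   compression_algorithms: (1)
|_      none
"""

def parse_enum_algos(text):
    """Return {category: [algorithm, ...]} parsed from ssh2-enum-algos output."""
    algos, current = {}, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").rstrip()          # drop nmap's tree prefix
        header = re.fullmatch(r"(\w+): \(\d+\)", body)
        if header:                                   # e.g. "kex_algorithms: (2)"
            current = header.group(1)
            algos[current] = []
        elif current and body and not body.endswith(":"):
            algos[current].append(body)
    return algos

def terrapin_findings(algos):
    """List Terrapin-relevant modes offered without the strict-kex marker."""
    if KEX_STRICT_SERVER in algos.get("kex_algorithms", []):
        return []                                    # server supports strict kex
    ciphers = algos.get("encryption_algorithms", [])
    etm = [m for m in algos.get("mac_algorithms", []) if m.endswith("-etm@openssh.com")]
    findings = [c for c in ciphers if c == CHACHA]
    # CBC is only affected when paired with an Encrypt-then-MAC algorithm.
    findings += [f"{c} + {m}" for c in ciphers if c.endswith("-cbc") for m in etm]
    return findings

if __name__ == "__main__":
    for finding in terrapin_findings(parse_enum_algos(SAMPLE_NMAP)):
        print("Terrapin-relevant mode without strict kex:", finding)
```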
Deprecated & Weak SHA-1 Algorithm In Use
Description: SHA-1 is known to have several practical & exploitable weaknesses.
Solution: Replace SHA-1 with SHA-256, SHA-384, or SHA-512
Possibly Compromised NIST P-Curves In Use
Description: The NIST P-curves are strongly suspected by some as being back-doored by the NSA.
Solution: Replace ECDSA host keys with RSA and/or ED25519 host keys. Replace ECDH key exchange algorithms with traditional Diffie-Hellman algorithms and/or the Curve25519 algorithm.
Diffie-Hellman Group 14 In Use
Description: Diffie-Hellman Group 14 uses a somewhat small 2048-bit modulus, which is only equivalent to 112-bits of symmetric security.
Solution: Replace with Diffie-Hellman Group 15, which affords a 128-bit level of security.
MAC Algorithm With Insufficient Tag Size Enabled
Description: MAC tags less than 128 bits long are vulnerable to collision attacks, resulting in forged messages.
Solution: Use MACs with tag sizes of 128 bits or larger, such as [email protected], [email protected], or [email protected], if possible.
Encrypt-And-MAC Algorithm Enabled
Description: Encrypt-and-mac algorithms are theoretically weaker than encrypt-then-mac (etm) algorithms with respect to chosen plaintext attacks, chosen ciphertext attacks, and non-malleability.
Solution: Disable the affected MACs.
Chacha20-Poly1305 Terrapin Vulnerability
Description: The chacha20-poly1305 cipher is susceptible to the Terrapin vulnerability when the kex-strict marker (kex-strict-s-v00@openssh.com) is not in the list of key exchanges. Note that, even when the kex-strict marker is present in the target, its peer must present the marker as well, otherwise an insecure channel will still be created. If connections with unpatched peers are possible, then this cipher must be fully disabled.
Solution: Upgrade the SSH implementation to one that supports the kex-strict marker (kex-strict-s-v00@openssh.com), or disable this cipher entirely.
As of 2022, there are approximately 549 million Wi-Fi hotspots worldwide. According to Forbes Advisor, 40% of respondents had their information compromised while using public Wi-Fi. People most commonly use public Wi-Fi in cafes and restaurants (38%), hotels (38%), and libraries (33%). The majority of people (56%) connect to public Wi-Fi networks that don’t require a password, while 44% connect to networks that do. In the US, 47% of people say they use public Wi-Fi regularly. And that’s no surprise, as Americans continue to work remotely, attend school online, and save their cellular data while they’re out and about.
Internet provider companies and government agencies spy on citizens by catching our internet traffic. This type of spoofing attack against civilians has now become an open secret.
You, me and everyone else use public Wi-Fi networks. Chilling in a cafe with friends and working remotely have now become a part of our lives, so this type of bug is becoming more alarming than ever. Using a VPN will decrease internet speed; that’s why a VPN isn’t a solution.
Internet service providers and attackers in an Adversary-in-the-Middle (AitM) position can exploit this vulnerability to hack your company. If we don’t consider this seriously, this could lead to a cyber attack against your company.
Your company’s activities show that you consider data security very carefully. Gratefully, I can say security is your main priority, and you should know that confidentiality, integrity, availability (CIA) is the pillar of security. This type of vulnerability is the most alarming to us for protecting the confidentiality and integrity of our data.
Your server scored an F grade. As a well-known company, Nextcloud deserves the best security. I hope this report will help you to make this server an A grader.