Nearly 11 Million SSH Servers Vulnerable to Terrapin Attack

Researchers have found that almost 11 million SSH servers on the internet are vulnerable to Terrapin attacks. These attacks allow manipulation of data during the handshake process, ultimately compromising the integrity of the SSH channel when using several widely adopted encryption modes.

The Terrapin vulnerability was first reported in December 2023 by experts from Ruhr University Bochum. The described attack enables an adversary to delete or alter messages transmitted within the communication channel. This can lead to a downgrade of the public key algorithms used for user authentication or even a complete disabling of timing-attack protections based on keystroke timing analysis in OpenSSH 9.5. As a result, Terrapin reduces the security of the connection by manipulating negotiation messages in a way that neither the client nor the server notices.

To intercept and modify the handshake, an attacker must first position themselves as a man-in-the-middle (MiTM) on the network. Additionally, the connection must be protected using either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC.

According to analysts from Shadowserver, there are about 11 million SSH servers (based on unique IP addresses) on the internet that are vulnerable to Terrapin attacks. This means that approximately 52% of all scanned samples in the IPv4 and IPv6 address spaces are at risk. The highest number of vulnerable systems was found in the United States (3.3 million), followed by China (1.3 million), Germany (1 million), Russia (700,000), Singapore (390,000), and Japan (380,000).

While not all 11 million vulnerable servers are at immediate risk of attack, the Shadowserver report clearly shows that attackers have plenty of potential targets to choose from.

Researchers also remind administrators that a scanner for detecting Terrapin vulnerabilities is available on GitHub. This tool can help administrators determine whether their SSH client or server is susceptible to this attack.