As such, Terrapin represents the first practical cryptographic attack targeting the integrity of the SSH protocol itself. In those instances, Terrapin allows attackers to alter or corrupt information transmitted in the SSH data stream during the handshake-the earliest connection stage, when the two parties negotiate the encryption parameters they will use to establish a secure connection. Tracked as CVE-2023-48795, the attack the researchers devised works when attackers have an adversary-in-the-middle attack (also abbreviated as AitM and known as man-in-the-middle or MitM), such as when they’re positioned on the same local network and can secretly intercept communications and assume the identity of both the recipient and the sender. It just got a lot weakerTerrapin, as the vulnerability has been named, came to light two weeks ago in a research paper published by academic researchers. Further Reading SSH protects the world’s most sensitive networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |