Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs. Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.

Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective.
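One way to check whether a given client/server pair is covered, as an added example (not Bitvise's code): it parses the two initial SSH_MSG_KEXINIT payloads, looks for OpenSSH's strict key exchange markers `kex-strict-c-v00@openssh.com` and `kex-strict-s-v00@openssh.com`, and reports whether the negotiated client-to-server algorithms fall in the affected class. The helper names and the sample payloads used to exercise it are constructed for illustration, and only the client-to-server direction is evaluated.

```python
import struct

STRICT_CLIENT = "kex-strict-c-v00@openssh.com"   # marker in the client's kex list
STRICT_SERVER = "kex-strict-s-v00@openssh.com"   # marker in the server's kex list
CHACHA = "chacha20-poly1305@openssh.com"
AEAD = {CHACHA, "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}

def build_kexinit(kex, ciphers, macs):
    """Construct a sample SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    lists = [kex, ["ssh-ed25519"], ciphers, ciphers, macs, macs,
             ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode() for l in lists))
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as lists of strings."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, []              # skip message type byte and 16-byte cookie
    for _ in range(10):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        off += n
    return lists

def first_match(client, server):
    """RFC 4253: the first client preference the server also supports."""
    return next((a for a in client if a in server), None)

def assess(client_payload, server_payload):
    """Strict KEX counts only if BOTH sides advertise it in the initial KEXINIT."""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    strict = STRICT_CLIENT in c[0] and STRICT_SERVER in s[0]
    cipher = first_match(c[2], s[2])
    # With an AEAD cipher the negotiated MAC is not used.
    mac = None if cipher in AEAD else first_match(c[4], s[4])
    affected = cipher == CHACHA or (mac or "").endswith("-etm@openssh.com")
    return {"strict_kex": strict, "cipher": cipher, "mac": mac,
            "exposed": affected and not strict}
```
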
For issues that might arise using the latest SSH Client versions, see Known issues.

Changes in Bitvise SSH Client 9.33: