Gateway vulnerability: Terrapin attack

Article ID: 396738

Products

CA API Gateway

Issue/Introduction

Gateway 11.0 base failed a security scan for the Terrapin attack.

The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.
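The scanner's rule above can be reproduced to verify a Gateway host before and after patching. The following is an added example, not code from the article or from the Gateway product: it parses the server's SSH_MSG_KEXINIT (RFC 4253) and flags a host as exposed when it offers chacha20-poly1305@openssh.com or a CBC cipher together with an -etm@openssh.com MAC while not advertising the kex-strict-s-v00@openssh.com countermeasure. The sample KEXINIT used for testing is constructed, and `fetch_server_kexinit` is an assumed helper for live checks.

```python
import socket
import struct
KEXINIT_FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s",
                  "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # server-side strict kex marker (OpenSSH 9.6)

def parse_kexinit(payload):
    """Split an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) into its name-lists."""
    if not payload or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, {}  # skip the 1-byte message id and the 16-byte cookie
    for field in KEXINIT_FIELDS:
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        lists[field] = payload[off:off + n].decode("ascii").split(",") if n else []
        off += n
    return lists

def build_kexinit(lists):
    """Inverse of parse_kexinit; used here only to construct sample input."""
    body = bytes([20]) + bytes(16)
    for field in KEXINIT_FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows, reserved

def terrapin_exposure(lists):
    """Apply the scanner's rule: a vulnerable mode is offered and strict kex is absent."""
    enc = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    mac = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    chacha = "chacha20-poly1305@openssh.com" in enc
    cbc_etm = (any(c.endswith("-cbc") for c in enc)
               and any(m.endswith("-etm@openssh.com") for m in mac))
    strict = STRICT_KEX_SERVER in lists["kex"]
    return {"chacha20": chacha, "cbc_etm": cbc_etm, "strict_kex": strict,
            "vulnerable": (chacha or cbc_etm) and not strict}

def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Read the server's (still unencrypted) KEXINIT from a live connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rd = sock.makefile("rb")
        line = rd.readline()
        while line and not line.startswith(b"SSH-"):  # skip any pre-banner lines
            line = rd.readline()
        if not line:
            raise ConnectionError("no SSH identification string received")
        sock.sendall(b"SSH-2.0-terrapin_check\r\n")
        pkt_len, pad_len = struct.unpack(">IB", rd.read(5))
        body = rd.read(pkt_len - 1)  # payload + padding (no MAC before key exchange)
        return parse_kexinit(body[:pkt_len - 1 - pad_len])
```

Like the scanner, this inspects offered algorithms only and does not confirm package versions; a server advertising strict kex is protected only when the client also supports it.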

Environment

Gateway 11.0 base

Resolution

Applying the latest MPP for 11.0, April 2025 (Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2025-04-22.L7P), resolves this vulnerability.

After patching:

# dpkg -l | grep libssh2

libssh2-1:amd64      1.9.0-2+deb11u1  amd64 SSH2 client-side library

Debian site: 

libssh2 (PTS) bullseye 1.9.0-2+deb11u1 fixed

# dpkg -l | grep openssh

openssh-client       1:8.4p1-5+deb11u4  amd64  secure shell (SSH) client, for secure access to remote machines

openssh-server       1:8.4p1-5+deb11u4  amd64  secure shell (SSH) server, for secure access from remote machines

openssh-sftp-server  1:8.4p1-5+deb11u4  amd64  secure shell (SSH) sftp server module, for SFTP access from remote machines

Debian site: 

openssh (PTS) bullseye (security) 1:8.4p1-5+deb11u4 fixed

Additional Information

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms.