SSH Terrapin Vulnerability

Three researchers at Ruhr University Bochum have discovered a serious vulnerability in the Secure Shell (SSH) standard, which is used universally to establish secure connections to remote devices and servers over a generic (insecure) internet data connection.

Full technical details are available only on the dedicated page of the website set up for the purpose.

We note that the vulnerability is rated 6/10 and, in theory, allows a third-party "man in the middle" to intercept the encrypted data stream, and therefore the access credentials as well.

We have already sent our clients an in-depth document with the measures to be adopted urgently.

Note that both the server side and the client side must be updated. As an example, here is the note provided for Bitvise SSH Client:

Changes in Bitvise SSH Client 9.33:    [ 20 December 2023 ]

  • Security:
    • Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.

      Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.

      Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective. Other SSH software authors are also releasing new versions to support this.

      If you must interoperate with SSH software which does not support strict key exchange, consider disabling the encryption algorithm ChaCha20-Poly1305, as well as integrity algorithms of type encrypt-then-MAC. These are the newer data integrity protection algorithms whose names contain -etm.

      Bitvise software versions 8.xx and older are not substantially affected because they do not implement algorithms where this issue is practically exploitable. Nevertheless, we suggest updating all SSH software to new versions that support strict key exchange.

      The encryption algorithms aes256-gcm and aes128-gcm are substantially immune from this attack. Users who are committed to older SSH software versions should consider using AES GCM. If this is not possible, the data integrity protection algorithms which are not named -etm are not entirely immune, but are also not believed to be practically exploitable.

      For compatibility with SSH software which does not support strict key exchange or AES GCM, an algorithm combination such as AES CTR with non-ETM data integrity protection may continue to be acceptable.
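
As an added example (not code from Bitvise or from the original post), this Python sketch parses a captured SSH_MSG_KEXINIT payload and reports whether a peer offers the algorithms the release note names as affected without advertising strict key exchange. It assumes the strict key exchange marker names used by OpenSSH, and the sample payload is constructed.

```python
# Name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumption: strict key exchange markers as advertised by OpenSSH (client / server).
STRICT = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}
AEAD = {"chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com",
        "aes256-gcm@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:    # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}                             # skip type byte + 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[off:off + 4], "big")
        off += 4
        if off + n > len(payload):                # also catches a cut-off length field
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    return out

def assess(payload: bytes) -> dict:
    """Report the Terrapin-relevant algorithms offered by one peer."""
    f = parse_kexinit(payload)
    ciphers = set(f["enc_c2s"]) | set(f["enc_s2c"])
    macs = set(f["mac_c2s"]) | set(f["mac_s2c"])
    affected = sorted(ciphers & {"chacha20-poly1305@openssh.com"})
    if ciphers - AEAD:    # a MAC is only negotiated alongside a non-AEAD cipher
        affected += sorted(m for m in macs if "-etm" in m)
    strict = bool(STRICT & set(f["kex"]))
    # One peer's view only: the mitigation needs BOTH peers to advertise strict KEX.
    return {"strict_kex": strict, "affected": affected,
            "unmitigated": bool(affected) and not strict}

def build_kexinit(**lists) -> bytes:
    """Build a constructed sample payload; unspecified name-lists are empty."""
    body = b"\x14" + bytes(16)
    for name in FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        body += len(raw).to_bytes(4, "big") + raw
    return body + b"\x00" + bytes(4)    # first_kex_packet_follows + reserved

if __name__ == "__main__":
    sample = build_kexinit(kex=["curve25519-sha256"],
                           enc_c2s=["chacha20-poly1305@openssh.com"])
    print(assess(sample))
```

Run it against the KEXINIT of each side of a connection; an `unmitigated` result on either side means the algorithm changes described in the release note still apply.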