
Terrapin Vulnerability CVE-2023-48795 #916

Closed
@hannosgit


Hi!

Is this library affected by the Terrapin Vulnerability?
I tried this library with Terrapin-Scanner and the output of the scanner says that SSHJ is affected:

G:\Downloads>Terrapin_Scanner_Windows_amd64.exe --listen 2222
Listening for incoming client connection on 127.0.0.1:2222
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-SSHJ_0.37.0

ChaCha20-Poly1305 support:   true
CBC-EtM support:             true

Strict key exchange support: false

==> The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com
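
The check the scanner's note describes (supported algorithms plus strict key exchange support), applied to the name-lists of an SSH_MSG_KEXINIT payload. This is an added example, not code from Terrapin-Scanner or SSHJ: the function names, the per-direction CBC-EtM test and the sample offer are assumptions constructed for illustration.

```python
import struct

# RFC 4253 section 7.1: the ten name-lists of SSH_MSG_KEXINIT, in wire order.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (type byte 20, 16-byte cookie, name-lists)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, {}
    for field in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[off:off + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        off += n
    return lists

def terrapin_report(lists: dict) -> dict:
    """Apply the algorithm-plus-strict-kex rule to parsed name-lists."""
    chacha = any("chacha20-poly1305@openssh.com" in lists[e]
                 for e in ("enc_c2s", "enc_s2c"))
    cbc_etm = any(  # assumption: a CBC cipher and an EtM MAC in the same direction
        any(c.endswith("-cbc") for c in lists[e])
        and any(m.endswith("-etm@openssh.com") for m in lists[m_key])
        for e, m_key in (("enc_c2s", "mac_c2s"), ("enc_s2c", "mac_s2c")))
    strict = bool(STRICT & set(lists["kex"]))
    return {"chacha20_poly1305": chacha, "cbc_etm": cbc_etm,
            "strict_kex": strict, "vulnerable": (chacha or cbc_etm) and not strict}

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload (used for the constructed sample)."""
    body = bytes([20]) + bytes(16)  # zero cookie: constructed, not captured
    for field in FIELDS:
        raw = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample offer (not taken from SSHJ): affected modes, no strict-kex marker.
ENC = ["chacha20-poly1305@openssh.com", "aes128-cbc", "aes128-ctr"]
MAC = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
SAMPLE = {"kex": ["curve25519-sha256"], "host_key": ["ssh-ed25519"],
          "enc_c2s": ENC, "enc_s2c": ENC, "mac_c2s": MAC, "mac_s2c": MAC}

if __name__ == "__main__":
    print(terrapin_report(parse_kexinit(build_kexinit(SAMPLE))))
```

As the scanner's note says, a result of this kind reflects only the advertised algorithms and the strict-kex marker, so a peer with a different countermeasure would still be reported as vulnerable.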
