all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Add to bookmarks
Dec. 19, 2023, 10:11 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol. “By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the … More


The post …

attack attacker attacks cryptographic cryptographic attack cve don't miss extension handshake hot stuff message negotiation network numbers openssh protocol research researchers security security researchers ssh suse targeting vulnerability

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 10 hours ago | www.helpnetsecurity.com
android android apps app apps +17
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 12 hours ago | www.helpnetsecurity.com
artificial artificial intelligence cyber cyber risk +21
Microsoft, Google widen passkey support for its users 13 hours ago | www.helpnetsecurity.com
account protection authentication awareness bitwarden +18
Cyble Vision X covers the entire breach lifecycle 13 hours ago | www.helpnetsecurity.com
access artificial artificial intelligence aspect +23
BlackBerry CylanceMDR improves cybersecurity defensive strategy 13 hours ago | www.helpnetsecurity.com
address advanced ai platform amp +28
FortiGate 200G series boosts campus connectivity for Wi-Fi 7 14 hours ago | www.helpnetsecurity.com
ai-powered campus connectivity firewall +15
Nokod Security Platform secures low-code/no-code development environments and apps 14 hours ago | www.helpnetsecurity.com
applications apps automations code +23
Lenovo launches AI-based Cyber Resiliency as a Service 15 hours ago | www.helpnetsecurity.com
copilot copilot for security cyber cyber protection +24
Edgio ASM reduces risk from web application vulnerabilities 15 hours ago | www.helpnetsecurity.com
application application vulnerabilities asm assets +33

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs