Terrapin: a vulnerability in the SSH protocol that lets an attacker downgrade connection security

A group of researchers from Ruhr University Bochum (Germany) has presented a new MITM attack on SSH, Terrapin, which exploits a vulnerability (CVE-2023-48795) in the protocol. An attacker who is able to mount a MITM attack can, during the connection handshake, block the transmission of messages and manipulate protocol extensions in order to lower the security level of the connection. A prototype attack toolkit has been published on GitHub.

In the case of OpenSSH, the vulnerability allows, for example, a connection to be downgraded to less secure authentication algorithms, and the protection against side-channel attacks that reconstruct typed input by analysing the delays between keystrokes to be disabled. In the Python library AsyncSSH, combined with a vulnerability (CVE-2023-46446) in the implementation of the internal state machine, the Terrapin attack makes it possible to inject into an SSH session.

The vulnerability affects all SSH implementations that support ChaCha20-Poly1305 or CBC-mode ciphers in combination with ETM (Encrypt-then-MAC) mode. OpenSSH, for example, has shipped such functionality for more than ten years. The vulnerability has been fixed in today's release of OpenSSH 9.6, as well as in updates to PuTTY 0.80, libssh 0.10.6/0.9.8 and AsyncSSH 2.14.2. In Dropbear SSH the fix has already been added to the code, but a new release has not yet been produced.

The vulnerability stems from the fact that an attacker who controls the connection's traffic (for example, the operator of a malicious wireless access point) can adjust packet sequence numbers during the connection handshake and thereby silently remove an arbitrary number of SSH service messages sent by the client or the server. Among other things, the attacker can remove the SSH_MSG_EXT_INFO messages used to configure the protocol extensions in use. So that the other party does not notice the packet loss through a gap in the sequence numbers, the attacker first sends a dummy packet with the same sequence number as the removed packet, which shifts the sequence number. The dummy packet carries a message of type SSH_MSG_IGNORE, which is discarded during processing.

The attack cannot be carried out against stream ciphers or CTR mode, since the integrity violation would be detected at the application level. In practice, only the ChaCha20-Poly1305 cipher (chacha20-poly1305@openssh.com), in which state is tracked solely through message sequence numbers, and the combination of Encrypt-Then-MAC mode (*-etm@openssh.com) with CBC ciphers are susceptible.

OpenSSH 9.6 and some other implementations block the attack with a "strict KEX" protocol extension, which is enabled automatically when both the server and the client support it. The extension terminates the connection if any abnormal or unnecessary message (for example, one of type SSH_MSG_IGNORE or SSH2_MSG_DEBUG) is received during the connection handshake, and additionally resets the MAC (Message Authentication Code) counter after each completed key exchange.
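The three paragraphs above give a defender everything needed to judge a handshake: which cipher/MAC combination the two sides will negotiate, and whether both sides advertise the strict-KEX countermeasure. The following is an added example, not code from the article or from any SSH project: it parses SSH_MSG_KEXINIT payloads (RFC 4253 section 7.1), applies the client-preference negotiation rule to each direction, flags the combinations named above (chacha20-poly1305@openssh.com, or a CBC cipher with an *-etm@openssh.com MAC), and checks for the strict-KEX pseudo-algorithms kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com that OpenSSH 9.6 places in the kex_algorithms list. The KEXINIT payloads used as input are constructed inline; in practice they would come from a packet capture or a live connection.

```python
"""Offline Terrapin exposure check on SSH_MSG_KEXINIT payloads (added example)."""
import struct

SSH_MSG_KEXINIT = 20
# Pseudo-algorithm names OpenSSH 9.6 advertises in kex_algorithms to signal strict KEX
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"

# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253 section 7.1)
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def _namelist(items):
    """Encode an SSH name-list: uint32 length, then comma-separated names."""
    raw = ",".join(items).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def build_kexinit(kex, hostkey, enc, mac, comp=("none",)):
    """Build a minimal KEXINIT payload (same lists for both directions); sample input only."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # message id + 16-byte cookie
    for lst in (kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()):
        body += _namelist(lst)
    return body + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows + reserved


def parse_kexinit(payload):
    """Parse a raw KEXINIT payload into a dict of name-lists, rejecting truncated input."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, fields = 1 + 16, {}
    for name in KEXINIT_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length]
        if len(raw) != length:
            raise ValueError("truncated name-list")
        pos += length
        fields[name] = raw.decode("ascii").split(",") if raw else []
    if pos >= len(payload):
        raise ValueError("missing first_kex_packet_follows")
    fields["first_kex_packet_follows"] = bool(payload[pos])
    return fields


def negotiate(client_pref, server_supported):
    """RFC 4253 rule: the first algorithm in the client's list that the server also lists."""
    for name in client_pref:
        if name in server_supported:
            return name
    return None


def is_affected_combination(cipher, mac):
    """True for the cipher/MAC pairs the article names as attackable."""
    if cipher == "chacha20-poly1305@openssh.com":
        return True  # AEAD cipher: the negotiated MAC is irrelevant
    return (cipher is not None and cipher.endswith("-cbc")
            and mac is not None and mac.endswith("-etm@openssh.com"))


def terrapin_exposure(client_kexinit, server_kexinit):
    """Report per-direction negotiated cipher/MAC and whether Terrapin still applies."""
    c, s = parse_kexinit(client_kexinit), parse_kexinit(server_kexinit)
    # Strict KEX only takes effect when both peers advertise it
    strict = (STRICT_KEX_CLIENT in c["kex_algorithms"]
              and STRICT_KEX_SERVER in s["kex_algorithms"])
    report = {"strict_kex": strict}
    for d in ("client_to_server", "server_to_client"):
        cipher = negotiate(c["encryption_algorithms_" + d], s["encryption_algorithms_" + d])
        mac = negotiate(c["mac_algorithms_" + d], s["mac_algorithms_" + d])
        report[d] = {"cipher": cipher, "mac": mac,
                     "vulnerable": is_affected_combination(cipher, mac) and not strict}
    return report


# Constructed sample handshakes (not captured from real hosts)
KEX, HOSTKEY = ["curve25519-sha256"], ["ssh-ed25519"]
CLIENT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-cbc"]
CLIENT_MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
CLIENT_LEGACY = build_kexinit(KEX, HOSTKEY, CLIENT_CIPHERS, CLIENT_MACS)
CLIENT_STRICT = build_kexinit(KEX + [STRICT_KEX_CLIENT], HOSTKEY, CLIENT_CIPHERS, CLIENT_MACS)
SERVER_LEGACY = build_kexinit(KEX, HOSTKEY, ["chacha20-poly1305@openssh.com", "aes256-cbc"],
                              ["hmac-sha2-256-etm@openssh.com"])
SERVER_STRICT = build_kexinit(KEX + [STRICT_KEX_SERVER], HOSTKEY,
                              ["chacha20-poly1305@openssh.com", "aes256-cbc"],
                              ["hmac-sha2-256-etm@openssh.com"])
# A server that only offers unaffected AEAD/CTR ciphers, regardless of strict KEX
SERVER_HARDENED = build_kexinit(KEX, HOSTKEY, ["aes256-gcm@openssh.com", "aes256-ctr"],
                                ["hmac-sha2-256-etm@openssh.com"])

if __name__ == "__main__":
    for label, pair in (("legacy/legacy", (CLIENT_LEGACY, SERVER_LEGACY)),
                        ("strict/strict", (CLIENT_STRICT, SERVER_STRICT)),
                        ("strict client only", (CLIENT_STRICT, SERVER_LEGACY)),
                        ("legacy/hardened", (CLIENT_LEGACY, SERVER_HARDENED))):
        print(label, terrapin_exposure(*pair))
```

The two ways out of the affected set are visible in the sample output: either both peers advertise strict KEX (the strict/strict pair), or the server stops offering ChaCha20-Poly1305 and CBC ciphers so that an unaffected cipher such as AES-GCM or CTR is negotiated (the hardened server), which also protects clients that cannot yet be updated. A strict-KEX flag on one side only changes nothing, because the countermeasure is negotiated.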

Source: opennet.ru