A new vulnerability in the SSH cryptographic network protocol has been discovered (CVE-2023-48795) that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The vulnerability has been found in OpenSSH before 9.6 and other products and has a moderate security impact.

Terrapin is a MitM (man-in-the-middle) attack: the exploit only works when an attacker has an active adversary-in-the-middle position on the connection between the admins and the network they remotely connect to.

A technical description of the attack is available in the following paper.

See also other references: [1], [2], [3]