This protocol vulnerability was pre-disclosed to us by Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk, on 17 November 2023. For full details of their report, see their dedicated website about the Terrapin attack.
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6,Then each of the 'fixed' packages will have some kind of documentation describing their use of 'strict kex'For example putty 0.80:To mitigate the vulnerability, the OpenSSH project has defined a SSH extension called 'strict KEX' (documented in their PROTOCOL document), which PuTTY 0.80 implements.
On Mon, Dec 25, 2023 at 1:58 AM Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> wrote:Brian Pence <bpence%celestialsoftware.net@localhost> writes:
>Related publication at NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-48795
>
>Implementation versions that are identified as NOT VULNERABLE have all
>recently implemented "strict key exchange"
Where are you seeing that? I can't find that text anywhere on the page.
Peter.