Starting in version 2024.1, Cerberus FTP Server will offer the OpenSSH strict key exchange extension to limit Terrapin-style attacks against SSH/SFTP connections.

Overview

On December 18, 2023, NIST published CVE-2023-48795, which describes a vulnerability in the SSH transport protocol: an attacker positioned between client and server can delete packets at the start of the secure channel (for example the SSH_MSG_EXT_INFO message) without the integrity check failing, possibly resulting in downgraded security. This prefix truncation attack has been named the Terrapin attack.

At this time, the severity of this vulnerability has not been fully established. However, OpenSSH implemented an extension ("strict kex") that detects omitted, modified or replaced packets during the handshake and closes the connection immediately. Both peers signal support by advertising a pseudo-algorithm in the key exchange list of their KEXINIT message (kex-strict-c-v00@openssh.com from the client, kex-strict-s-v00@openssh.com from the server), so the protection only takes effect when both sides support it.

The SSH transport protocol is very flexible, and this extension removes some of that flexibility: it requires a strictly defined sequence of messages during the initial key exchange, rejects messages that are not part of the key exchange before the connection is fully secured, and resets the packet sequence numbers when the new keys take effect, so a packet that was deleted or inserted during the handshake is detected.

Scope

In Cerberus FTP Server 13.0 and later, we support the ChaCha20-Poly1305 cipher in SSH. This is the only cipher/mac combination in Cerberus that could be affected by Terrapin at this time.

Known Affected Versions

Cerberus FTP Server 13.0 and later for all editions

Servers running in FIPS 140-2 mode are not affected as the ChaCha20 cipher is not available in FIPS mode.

Mitigation

This issue is addressed in version 2024.1. As always, Cerberus Administrators are urged to upgrade to that version or higher as soon as possible.

If this is not possible, we recommend disabling the ChaCha20-Poly1305 cipher in Server Manager : Protocols : SSH/SFTP.

Options

In 2024.1 and later, Server Manager : Protocols : SSH/SFTP has a new option to “Require strict kex extension”. This will be enabled by default as shown in the screenshot below.


[Screenshot: SSH/SFTP Protocol Settings]

When enabled, any attempt to use a cipher/MAC combination that has been identified as vulnerable to a Terrapin-style attack will be denied unless the client also advertises the strict kex extension.
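The decision rule above, as an added example in Python (this is not Cerberus code and does not reflect how Cerberus implements the option internally): it parses a client's SSH_MSG_KEXINIT, negotiates cipher and MAC per direction the way RFC 4253 prescribes, and denies the connection when the result is a Terrapin-affected combination and the client did not offer kex-strict-c-v00@openssh.com. It goes slightly beyond the Cerberus case by also flagging the other affected family from the Terrapin research, a CBC cipher paired with an encrypt-then-MAC (-etm@openssh.com) MAC. The server algorithm lists and the client KEXINIT payloads are constructed inline for illustration, not captured from a real server.

```python
"""Terrapin exposure check against an SSH_MSG_KEXINIT (added example, not
Cerberus code): deny affected cipher/MAC pairs unless the client offers strict kex."""
import struct

SSH_MSG_KEXINIT = 20
# Strict-kex pseudo-algorithms each peer advertises in its kex name-list
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA20 = "chacha20-poly1305@openssh.com"
# Name-lists in the order RFC 4253 section 7.1 defines them
_KEXINIT_FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s",
                   "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(items):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    raw = ",".join(items).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def build_kexinit(kex, host_key, enc, mac, comp=("none",), lang=()):
    """Build a KEXINIT payload with a zero cookie and the same lists in both
    directions. Only used to construct sample input; real clients randomise the cookie."""
    body = b"\x00" * 16
    for items in (kex, host_key, enc, enc, mac, mac, comp, comp, lang, lang):
        body += _name_list(items)
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + body


def parse_kexinit(payload):
    """Parse a KEXINIT payload into a dict of name-lists; rejects truncation."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT")
    off = 1 + 16  # message id + cookie
    out = {}
    for field in _KEXINIT_FIELDS:
        if len(payload) < off + 4:
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        raw = payload[off:off + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        off += n
        out[field] = [s for s in raw.decode("ascii").split(",") if s]
    if len(payload) != off + 5:  # boolean + uint32 reserved
        raise ValueError("bad trailer length")
    out["first_kex_packet_follows"] = bool(payload[off])
    return out


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first client preference the server also supports."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def terrapin_affected(cipher, mac):
    """True for the combinations Terrapin can exploit: ChaCha20-Poly1305 (its MAC
    is built in, so the negotiated MAC is irrelevant) or a CBC cipher with an -etm MAC."""
    if cipher == CHACHA20:
        return True
    return "-cbc" in cipher and mac is not None and mac.endswith("-etm@openssh.com")


def evaluate_client(client_payload, server_enc, server_mac, require_strict=True):
    """Apply the 'Require strict kex extension' policy to one client KEXINIT.
    Returns the negotiated cipher/MAC per direction and an allow/deny verdict."""
    client = parse_kexinit(client_payload)
    client_strict = STRICT_KEX_CLIENT in client["kex"]
    verdict = {"client_strict_kex": client_strict, "decision": "allow", "reasons": []}
    for d in ("c2s", "s2c"):
        cipher = negotiate(client["enc_" + d], server_enc)
        mac = negotiate(client["mac_" + d], server_mac)
        verdict["enc_" + d], verdict["mac_" + d] = cipher, mac
        if cipher is None or (cipher != CHACHA20 and mac is None):
            verdict["decision"] = "deny"
            verdict["reasons"].append(f"{d}: no common cipher/MAC")
        elif require_strict and not client_strict and terrapin_affected(cipher, mac):
            verdict["decision"] = "deny"
            verdict["reasons"].append(f"{d}: {cipher}/{mac} is Terrapin-affected and "
                                      f"the client did not offer {STRICT_KEX_CLIENT}")
    return verdict


# Constructed server offer and client KEXINITs (not captured from a real server)
SERVER_ENC = [CHACHA20, "aes256-gcm@openssh.com", "aes256-ctr"]
SERVER_MAC = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
OLD_CLIENT = build_kexinit(["curve25519-sha256"], ["ssh-ed25519"],
                           [CHACHA20, "aes256-ctr"], ["hmac-sha2-256"])
PATCHED_CLIENT = build_kexinit(["curve25519-sha256", STRICT_KEX_CLIENT], ["ssh-ed25519"],
                               [CHACHA20, "aes256-ctr"], ["hmac-sha2-256"])
SAFE_CLIENT = build_kexinit(["curve25519-sha256"], ["ssh-ed25519"],
                            ["aes256-gcm@openssh.com"], ["hmac-sha2-256"])

if __name__ == "__main__":
    for name, payload in (("old client", OLD_CLIENT), ("patched client", PATCHED_CLIENT),
                          ("no-chacha client", SAFE_CLIENT)):
        v = evaluate_client(payload, SERVER_ENC, SERVER_MAC)
        print(f"{name}: {v['decision']} {v['reasons']}")
```

The old client is denied because it would negotiate ChaCha20-Poly1305 without strict kex; the patched client negotiates the same cipher but is allowed, and a client that never offers an affected combination is allowed regardless. Passing require_strict=False reproduces the effect of unchecking the option. To point the same check at a real client, feed it the KEXINIT payload the client sends immediately after the version exchange (the server's own list must then also include kex-strict-s-v00@openssh.com for the extension to activate).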

Administrators who need to allow older clients to connect using these vulnerable configurations can uncheck the option. However, given that ChaCha20-Poly1305 is relatively new, any client that supports it should have a fix available soon, and upgrading the client is the best solution.

Feedback

As always, we look forward to hearing how our customers use Cerberus and any additional improvements that would help make Cerberus FTP Server better. We would love to hear your feedback.