Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.

2025-06-25 12:04:32 +02:00 · 2023-12-19 14:03:28 -05:00
parent 8e972c5e94
commit c259a83782
16 changed files with 183 additions and 56 deletions
--- a/test/docker/expected_results/openssh_8.0p1_test2.json
+++ b/test/docker/expected_results/openssh_8.0p1_test2.json
@ -38,6 +38,9 @@
                "info": [
                    "default cipher since OpenSSH 6.9",
                    "available since OpenSSH 6.5"
+                ],
+                "warn": [
+                    "vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation"
                ]
            }
        },
@ -374,6 +377,12 @@
        },
        "warning": {
            "del": {
+                "enc": [
+                    {
+                        "name": "chacha20-poly1305@openssh.com",
+                        "notes": ""
+                    }
+                ],
                "kex": [
                    {
                        "name": "diffie-hellman-group14-sha256",