
CVE-2023-48795 / Terrapin Attack #81

@carnil

Hi

tinyssh seems prone to the Terrapin Attack (CVE-2023-48795) as well.

Details on: https://terrapin-attack.com/

Testing a recent version:

```
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-tinyssh_20230101-3 cWKeTzJf

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

==> The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com
```
