SSH protects the world’s most sensitive networks. It just got a lot weaker

 Researchers have devised an attack with the potential to undermine cryptographic SSH protections. Terrapin is a man-in-the-middle attack that affects SSH connections secured by ChaCha20-Poly1305 or CBC with Encrypt-then-MAC. Around 57% of servers list these encryption modes as their preferred choice. Anyone using SSH should check whether they are vulnerable to the attack and make the appropriate updates. The attack invalidates proofs published in 2016 concluding that such attacks weren't possible.

KNOW MORE