A critical flaw in the OpenSSH standard has been fully disclosed by a team of researchers at the Royal Holloway, University of London.
The flaw lays in the ability of an attacker for force certain parts of the encryption sequence into plain text. They can force up to 32 bit of text out into the clear. The chances of this are slim but are still there and represent vulnerability for any highly sensitive information or data.
The attack uses flaws in the RFC (request for comment) standard that makes up OpenSSH. This problem was first disclosed in November 2008 but not all the details were made public.
The issue can be protected against by using AES in CTR mode instead of CBC (Cipher-Block Chaining Mode). The flaw is open in OpenSSH 4.7, Version 5.2 introduces counter measures against the flaw but does not actually correct the flaw.
Read more here.
According to Paterson, a man-in-the-middle attacker could sit on a network and grab blocks of encrypted text as they are sent from client to server. By retransmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backward to deduce what was in the OpenSSH encryption field before encryption.
The attack relies on flaws in the RFC (Request for Comments) Internet standards that define SSH, said Paterson.
Paterson gave a talk on Monday at the IEEE Symposium on Security and Privacy in Oakland, Calif., to explain his group's research findings. The three ISG academics involved in the research were Paterson, Martin Albrecht, and Gaven Watson.