SSH Prefix Truncation Vulnerability (Terrapin attack) on Citrix App Layering
Note: The Terrapin attack can reduce the security of SSH through a downgrade attack carried out by a man-in-the-middle. It works by prefix truncation: injecting and deleting messages during feature negotiation, which manipulates sequence numbers so that other messages are ignored without either the client or the server detecting an error.
Log in to the ELM as root and open /etc/ssh/sshd_config.
Remove the chacha20-poly1305 cipher per https://terrapin-attack.com/ from the bottom of the file:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Reboot the ELM.
Re-run the vulnerability test.
This vulnerability is not present in ELM release 2409 and later.
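The edit described in the steps above can be checked before the reboot. The following is an added example, not Citrix code: the function names and the temporary sample file (built from the two lines shown on this page) are assumptions, and it handles only the plain comma-separated cipher list shown here.

```shell
#!/bin/sh
# Added example (not Citrix code); function names are assumptions.
TARGET='chacha20-poly1305@openssh.com'

# Print the cipher list of the first Ciphers directive. sshd uses the first
# value it reads for a keyword, and keywords are case-insensitive.
ciphers_of() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1"
}

# Return 0 if the target cipher is still offered by the file, 1 otherwise.
offers_chacha() {
    ciphers_of "$1" | tr ',' '\n' | grep -qxF "$TARGET"
}

# Write the config to stdout with the target cipher removed from every
# Ciphers directive; all other lines pass through unchanged.
strip_chacha() {
    awk -v t="$TARGET" '
        tolower($1) == "ciphers" {
            n = split($2, c, ","); out = ""
            for (i = 1; i <= n; i++)
                if (c[i] != t) out = out (out == "" ? "" : ",") c[i]
            print $1 " " out
            next
        }
        { print }' "$1"
}

# Constructed sample: the two directives from this page, in a temp file.
sample=$(mktemp)
fixed=$(mktemp)
trap 'rm -f "$sample" "$fixed"' EXIT
cat > "$sample" <<'EOF'
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
EOF

strip_chacha "$sample" > "$fixed"
offers_chacha "$sample" && echo "before: chacha20-poly1305 offered"
offers_chacha "$fixed"  || echo "after:  chacha20-poly1305 removed"
```

After the reboot, the setting sshd actually loaded can be read with `sshd -T | grep -i '^ciphers'`.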
Vulnerability detected due to Terrapin attack