VanDyke Software

Security Advisory

Security Advisory

SSH2 Protocol Vulnerable to Novel Prefix Truncation Attacks, Downgrading Connection Security

Risk assessment: Medium-High

Posted: December 19, 2023


When certain SSH cipher algorithms are used for key exchange, the SSH2 protocol is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack).

The vulnerable cipher algorithms are:

  • ChaCha20-Poly1305 (
  • Encrypt-then-MAC ( MAC algorithms)

These vulnerable algorithms allow a man-in-the-middle attacker to strip out an arbitrary number of messages immediately after the initial key exchange, breaking SSH extension negotiation (RFC 8308) and downgrading connection security.

To mitigate this SSH protocol vulnerability, SecureCRT/SecureFX 9.4.3 and VShell 4.9.1 now support a "strict KEX" extension. This extension alters the SSH handshake to ensure a man-in-the-middle attacker cannot introduce unauthenticated messages or convey sequence number manipulation across handshakes.


For the fix to work, the "strict KEX" extension must also be supported by the server(s) to which SecureCRT and SecureFX are connecting and by the clients connecting to VShell.

Products Affected

  • SecureCRT (SSH2): versions 9.4.2 and older (all platforms).
  • SecureFX (SCP/SFTP): versions 9.4.2 and older (all platforms).
  • VShell (SSH2/SFTP server): versions 4.9.0 and older (all platforms).

Recommended Solutions

  • SecureCRT: Upgrade to version 9.4.3 or newer (all platforms)
  • SecureFX: Upgrade to version 9.4.3 or newer (all platforms)
  • Upgrade to VShell 4.9.1 or newer (all platforms).
  • Note:

    For temporary mitigation, SecureCRT, SecureFX, and VShell can be configured to disallow the affected algorithms and use unaffected alternatives such as AES-GCM.

Vulnerability Fix Downloads

Official Postings

Revision History

December 19, 2023 – Security Advisory Published

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.