The Bitvise SSH Server (formerly WinSSHD) version 8.48 does not have a single "critical" headline exploit, but it is notably affected by the (CVE-2023-48795) and other legacy configuration risks common to older software builds. The "Terrapin" Attack (CVE-2023-48795)
: Version 8.48 does not support "strict key exchange." Users must disable ChaCha20-Poly1305 Encrypt-then-MAC (-etm) algorithms to mitigate the risk. Insecure Installation Permissions bitvise winsshd 8.48 exploit
John had heard rumors about a potential exploit in version 8.48 of Bitvise WinSSHD. He decided to dig deeper and investigate the claims. He downloaded the vulnerable version and set up a test environment to simulate the exploit. The Bitvise SSH Server (formerly WinSSHD) version 8
While version 8.48 predates the massive discovery of the Terrapin attack, users running legacy 8.xx versions are broadly exposed to it if their configuration is not hardened. He decided to dig deeper and investigate the claims
if not needed, as it has been known to cause hangs and authentication timeouts in older 8.xx builds.