Terrapin vulnerability (CVE-2023-48795) not detected

There are NVTs for CVE-2023-48795, including “1.3.6.1.4.1.25623.1.0.114238”.

The vulnerability is not detected; the NVT had a QdE of 30%. I set the task to Min QdE 20%.

Terrapin-Scanner result:

Remote Banner: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com
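The scanner's note above says the verdict comes from the peer's advertised algorithms plus strict key exchange support. The following added example (not part of the original posts and not Terrapin-Scanner's own code) applies that rule to a server's SSH_MSG_KEXINIT payload; the name-lists in `LISTS` are constructed sample data, and the function names are hypothetical.

```python
SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"

def parse_kexinit(payload: bytes) -> list:
    """Return the 10 name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []  # skip message type (1 byte) and cookie (16 bytes)
    for _ in range(10):
        n = int.from_bytes(payload[pos:pos + 4], "big")
        end = pos + 4 + n
        if end > len(payload):  # also catches a cut-off length field
            raise ValueError("truncated name-list")
        raw = payload[pos + 4:end].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos = end
    return lists

def terrapin_report(payload: bytes) -> dict:
    """Evaluate a server KEXINIT the way the scanner output above is laid out."""
    kex, _hostkey, enc_c2s, enc_s2c, mac_c2s, mac_s2c = parse_kexinit(payload)[:6]
    def cbc_etm(enc, mac):  # a CBC cipher and an EtM MAC in the same direction
        return (any(c.endswith("-cbc") for c in enc)
                and any(m.endswith("-etm@openssh.com") for m in mac))
    chacha = CHACHA in enc_c2s or CHACHA in enc_s2c
    etm = cbc_etm(enc_c2s, mac_c2s) or cbc_etm(enc_s2c, mac_s2c)
    strict = STRICT_KEX_SERVER in kex
    return {"chacha20_poly1305": chacha, "cbc_etm": etm, "strict_kex": strict,
            "vulnerable": (chacha or etm) and not strict}

def build_kexinit(name_lists) -> bytes:
    """Build a KEXINIT payload from name-lists (used for the constructed samples)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

# Constructed sample: ChaCha20-Poly1305 offered, no CBC ciphers, no strict kex.
LISTS = [["curve25519-sha256", "ecdh-sha2-nistp256"], ["ssh-ed25519"],
         [CHACHA, "aes256-ctr"], [CHACHA, "aes256-ctr"],
         ["hmac-sha2-256-etm@openssh.com"], ["hmac-sha2-256-etm@openssh.com"],
         ["none"], ["none"], [], []]
SAMPLE = build_kexinit(LISTS)
# Same server after it starts advertising strict key exchange.
PATCHED = build_kexinit([LISTS[0] + [STRICT_KEX_SERVER]] + LISTS[1:])

if __name__ == "__main__":
    print(terrapin_report(SAMPLE))
    print(terrapin_report(PATCHED))
```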

I have asked the Moderator team to move this topic into the “Scanning / Scan Configuration” category:

The VT in question is known to work against a huge number of affected targets, including ones with the mentioned SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 banner.

If a result is missing it is more likely that environmental factors are playing a role:

  • A wrongly applied filter causing the result to not show up in the report
  • Network equipment in between the scanner and the target blocking probing requests (e.g. IDS/IPS or WAF devices)
  • Scanner (configuration) or other environmental related issues
  • General networking issues

Of course it’s my mistake, I overlooked the filter in the report. :pensive:
The default value for the scans is 70%. Why is the default not lower, with the report then filtered down to the relevant data later?