There are NVTs for cve-2023-48795 including “1.3.6.1.4.1.25623.1.0.114238”.
The vulnerability is not detected, the nvt had QdE 30%. I set the task to Min QdE 20%.
Terrapin-Scanner result:
Remote Banner: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: false
The scanned peer is VULNERABLE to Terrapin.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
I have asked the Moderator team to move this topic into the “Scanning / Scan Configuration” category:
The VT in question is known to work against a huge amount of affected targets including such having the mentioned SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 banner.
If a result is missing it is more likely that environmental factors are playing a role:
A wrongly applied filter causing the result to not showing up in the report
Network equipment in between the scanner and the target blocking probing requests (e.g. IDS/IPS or WAF devices)
Scanner (configuration) or other environmental related issues
Of course it’s my mistake, I overlooked the filter in the report.
The default value for the scans is 70%. Why is the default not lower and later in the report it is filtered to relevant data?