cyd01 / KiTTY

KiTTY, a free telnet/ssh client for Windows
https://www.9bis.com/kitty

Terrapin vulnerability mitigation #520

Open dlong500 opened 7 months ago

dlong500 commented 7 months ago

What are the plans to mitigate the Terrapin vulnerability? PuTTY released version 0.80 two days ago with a fix and it appears that BOTH server and client SSH implementations must use the mitigation or the MITM attack is still a threat. As far as I can tell based on the information that has been released this means that using KiTTY without a mitigation patch will allow for this attack even if the SSH server has been patched.

ann4belle commented 6 months ago

> [...] As far as I can tell based on the information that has been released this means that using KiTTY without a mitigation patch will allow for this attack even if the SSH server has been patched.

This is somewhat true - one way to partially mitigate this is to go into Connection > SSH > Cipher and move "ChaCha20 (SSH-2 only)" below "-- warn below here --" (be sure to save this in the Default Settings and any other saved sessions). This prevents the use of one of the vulnerable ciphers without warning. As a limitation inherited from PuTTY, the other vulnerable cipher is bundled with other non-vulnerable ones under "AES (SSH-2 only)", and KiTTY can't be configured to warn before using it without also warning before using non-vulnerable ciphers.

Even if you do move both below the warning threshold, running the Terrapin scanner will still produce a positive, as the vulnerable ciphers are still enabled and strict key exchange is unsupported.

Judging by the fact that KiTTY is advertised as "a fork from version 0.76 of PuTTY", and doesn't appear to have incorporated upstream commits since that version (seeing as PuTTY has released 0.77, 0.78, 0.79, and now 0.80), I'm starting to consider moving back to PuTTY myself.
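The two points raised in this thread (strict key exchange only helps when both ends offer it, and demoting ChaCha20 changes what is negotiated but not what is offered) can be checked against KEXINIT algorithm lists. This is an added example, not part of the thread or of KiTTY's or the Terrapin scanner's code; the algorithm lists are constructed, and `offer_flagged` is only an assumed approximation of an offer-based check.

```python
# Added example; algorithm lists below are constructed, not captured from KiTTY.
CHACHA = "chacha20-poly1305@openssh.com"
ETM = "-etm@openssh.com"
STRICT = {"client": "kex-strict-c-v00@openssh.com",
          "server": "kex-strict-s-v00@openssh.com"}

def negotiate(client_list, server_list):
    """SSH selects the first client-preferred name the server also offers."""
    return next((n for n in client_list if n in server_list), None)

def affected_mode(cipher, mac):
    """Name the Terrapin-affected mode for a cipher/MAC pair, or None."""
    if cipher == CHACHA:
        return "ChaCha20-Poly1305"
    if cipher and cipher.endswith("-cbc") and mac and mac.endswith(ETM):
        return "CBC-EtM"
    return None

def offer_flagged(role, kexinit):
    """Offer-based view: affected mode enabled and no strict-kex marker."""
    enabled = any(affected_mode(c, m)
                  for c in kexinit["ciphers"] for m in kexinit["macs"])
    return enabled and STRICT[role] not in kexinit["kex"]

def session_exposed(client, server):
    """Negotiated view: affected mode chosen and strict kex not agreed."""
    strict = (STRICT["client"] in client["kex"]
              and STRICT["server"] in server["kex"])
    cipher = negotiate(client["ciphers"], server["ciphers"])
    mac = negotiate(client["macs"], server["macs"])
    return affected_mode(cipher, mac) is not None and not strict

def kexinit(kex, ciphers):
    """Build a constructed KEXINIT with a fixed MAC preference list."""
    return {"kex": ["curve25519-sha256"] + kex, "ciphers": ciphers,
            "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}

# Constructed KEXINIT contents for the cases discussed in the thread.
PATCHED_SERVER = kexinit([STRICT["server"]], [CHACHA, "aes256-ctr"])
UNPATCHED_CLIENT = kexinit([], [CHACHA, "aes256-ctr"])
REORDERED_CLIENT = kexinit([], ["aes256-ctr", CHACHA])   # ChaCha20 demoted
PATCHED_CLIENT = kexinit([STRICT["client"]], [CHACHA, "aes256-ctr"])

if __name__ == "__main__":
    for name, c in [("unpatched", UNPATCHED_CLIENT),
                    ("reordered", REORDERED_CLIENT),
                    ("patched", PATCHED_CLIENT)]:
        print(name, "flagged:", offer_flagged("client", c),
              "exposed:", session_exposed(c, PATCHED_SERVER))
```
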

BurtGummer commented 6 months ago

I hope I don't have to go back to PuTTY, but security is more important than usability.