: All Bitvise versions prior to 9.32—including version 8.48—are susceptible if they use specific encryption modes like ChaCha20-Poly1305 or encrypt-then-MAC (EtM).
: As noted, this is the only protocol-level fix for the Terrapin vulnerability.
: It fixed a bug where 64-bit systems failed to detect instance name conflicts after installation. bitvise winsshd 848 exploit
Bitvise SSH Server (formerly WinSSHD) version 8.48 was a stable release in the 8.x series that addressed specific functional bugs rather than critical zero-day vulnerabilities. However, users of version 8.48 are now exposed to a significant protocol-level vulnerability known as , which was discovered after this version's release.
: By dropping these packets, an attacker can downgrade security features, such as disabling keystroke timing protections or forcing weaker authentication methods. : All Bitvise versions prior to 9
: Use the BssCfg utility or the Control Panel to disable ChaCha20-Poly1305 and any MAC algorithms ending in -etm .
: This version disabled ineffective UPnP (Universal Plug and Play) actions for IPv6 addresses that previously generated errors. Bitvise SSH Server (formerly WinSSHD) version 8
: In previous versions, if an SCP upload encountered a write error or failed to set file time, the file transfer subsystem would abort abruptly. Version 8.48 corrected this to ensure errors are reported properly without crashing the subsystem.