ExtremeSwitching (Other)

  • 1.  SSH Server CBC Mode Ciphers Enabled

    Posted 08-23-2016 07:32
    How do I resolve the below audit finding on the C3 Switch?
    SSH Server CBC Mode Ciphers Enabled
    SSH Weak MAC Algorithms Enabled


  • 2.  RE: SSH Server CBC Mode Ciphers Enabled

    Posted 08-23-2016 12:07
    The C3-Series switches are heading to the end of support and there are no plans to modifying SSH on those solutions.

    The OpenSSH Security Advisory provides the following information:

    "For most SSH usage scenarios, this attack has a very low likelihood of being carried out successfully - each attempt has a low probability of success and each failure will cause connection termination with a fatal error. It is therefore very unlikely for an interactive session to be usefully attacked using this protocol weakness: an attacker would expect around 11356 connection-killing attempts before they are likely to succeed."

    Additional information is available at http://www.openssh.com/txt/cbc.adv.

    I hope it helps.


  • 3.  RE: SSH Server CBC Mode Ciphers Enabled

    Posted 10-13-2017 12:00
    How about for an S4 chassis switch? Any plans on fixing it there with this OS?
    Or this open issue? xos0060993