Header Only - DO NOT REMOVE - Extreme Networks

SSH Server CBC Mode Ciphers Enabled


How do I resolve the below audit finding on the C3 Switch?
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled

2 replies

Userlevel 4
The C3-Series switches are heading to the end of support and there are no plans to modifying SSH on those solutions.

The OpenSSH Security Advisory provides the following information:

"For most SSH usage scenarios, this attack has a very low likelihood of being carried out successfully - each attempt has a low probability of success and each failure will cause connection termination with a fatal error. It is therefore very unlikely for an interactive session to be usefully attacked using this protocol weakness: an attacker would expect around 11356 connection-killing attempts before they are likely to succeed."

Additional information is available at http://www.openssh.com/txt/cbc.adv.

I hope it helps.
How about for an S4 chassis switch? Any plans on fixing it there with this OS?
Or this open issue? xos0060993

Reply