SSH Server CBC Mode Ciphers Enabled
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-23-2016 07:32 AM
How do I resolve the below audit finding on the C3 Switch?
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-13-2017 12:00 PM
How about for an S4 chassis switch? Any plans on fixing it there with this OS?
Or this open issue? xos0060993
Or this open issue? xos0060993
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-23-2016 12:07 PM
The C3-Series switches are heading to the end of support and there are no plans to modifying SSH on those solutions.
The OpenSSH Security Advisory provides the following information:
"For most SSH usage scenarios, this attack has a very low likelihood of being carried out successfully - each attempt has a low probability of success and each failure will cause connection termination with a fatal error. It is therefore very unlikely for an interactive session to be usefully attacked using this protocol weakness: an attacker would expect around 11356 connection-killing attempts before they are likely to succeed."
Additional information is available at http://www.openssh.com/txt/cbc.adv.
I hope it helps.
The OpenSSH Security Advisory provides the following information:
"For most SSH usage scenarios, this attack has a very low likelihood of being carried out successfully - each attempt has a low probability of success and each failure will cause connection termination with a fatal error. It is therefore very unlikely for an interactive session to be usefully attacked using this protocol weakness: an attacker would expect around 11356 connection-killing attempts before they are likely to succeed."
Additional information is available at http://www.openssh.com/txt/cbc.adv.
I hope it helps.
