CA Identity Suite 14.2 Virtual Appliance, Vulnerability Assessment SSH


Article ID: 108019


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

A vulnerability scan run against the Identity Suite Virtual Appliance 14.2 with Cumulative Patch CP-OS-140200-20180611 identified a misconfiguration vulnerability in the SSH protocol.

The following ciphers need to be removed: arcfour, arcfour128 and arcfour256.

However, the Virtual Appliance is a locked-down system, and making this change on it is not allowed.

The finding reported by Nessus is "90317 (1) - SSH Weak Algorithms Supported".

Environment

CA Identity Suite 14.2 Virtual Appliance plus the latest OS patch, CP-OS-140200-20180611.
Nessus, used to run the scan against the CA Identity Suite Virtual Appliance.

Resolution

Please open a CA Support case and ask for the hot-fix HF-DE371990-20180627-0001.tar.gpg, which resolves the vulnerability "90317 (1) - SSH Weak Algorithms Supported".

Make sure the latest OS patch, CP-OS-140200-20180611, is already installed before applying this hot-fix. If that is no longer the latest OS patch, contact CA Support to confirm the latest one, or check the release notes of CA Identity Suite 14.2 at this link:

https://docops.ca.com/ca-identity-suite/14-2/en/release-notes
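
To confirm after the hot-fix that arcfour, arcfour128 and arcfour256 are no longer offered, the cipher name-lists in the server's SSH_MSG_KEXINIT message (RFC 4253, section 7.1) can be checked. The following is an added example, not CA's code or the hot-fix itself; the function names and the sample cipher lists are constructed for illustration and were not captured from the appliance.

```python
import struct

# Ciphers this article says must be removed.
WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256"}
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload into its algorithm name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 1 + 16  # message type byte + 16-byte cookie
    result = {}
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        result[name] = raw.split(",") if raw else []
        offset += length
    return result

def weak_ciphers_offered(payload: bytes) -> list:
    """Return the weak ciphers advertised in either direction, sorted."""
    algos = parse_kexinit(payload)
    offered = set(algos["enc_c2s"]) | set(algos["enc_s2c"])
    return sorted(offered & WEAK_CIPHERS)

def build_kexinit(ciphers: list) -> bytes:
    """Build a constructed KEXINIT payload so the check runs offline."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(name_list(item) for item in lists)
    # Trailer: first_kex_packet_follows (1 byte) + reserved uint32.
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    # Constructed cipher lists, not taken from the appliance.
    flagged = build_kexinit(["aes128-ctr", "aes256-ctr", "arcfour256", "arcfour128", "arcfour"])
    clean = build_kexinit(["aes128-ctr", "aes256-ctr"])
    print("weak ciphers in flagged sample:", weak_ciphers_offered(flagged))
    print("weak ciphers in clean sample:", weak_ciphers_offered(clean))
```

An empty result for the appliance's KEXINIT payload means none of the three arcfour ciphers is advertised; re-running the Nessus scan remains the authoritative check for finding 90317.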