CA Identity Suite 14.2 Virtual Appliance, Vulnerabilty Assessment SSH


Article ID: 108019


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal


If runs a vulnerabilty scan in Identity Suite Virtual Appliance 14.2 with Cumulative Patch CP-OS-140200-20180611, and identified an misconfiguration vulnerability in SSH protocol

We will need remove the following ciphers: - arcfour - arcfour128 - arcfour256.

However Virtual Appliance is blinded and it's not allowed to do this action.

The vulnerability report of Nessus is  "90317 (1) - SSH Weak Algorithms Supported" 


CA Identity Suite 14.2 Virtual Appliance plus the last OS patch CP-OS-140200-20180611.
Nessus tool to run scan over the CA Identity Suite Virtual Appliance.


Please, open a CA Support case and ask to provide you the hot-fix  HF-DE371990-20180627-0001.tar.gpg to resolve the vulnerability "90317 (1) - SSH Weak Algorithms Supported" 

Make sure have the last OS patch already installed before apply this patch CP-OS-140200-20180611. If last OS patch is not this anymore, contact CA Support to check the last one or access the release notes of CA Identity Suite 14.2 in this link: