CA Identity Suite 14.2 Virtual Appliance, Vulnerabilty Assessment SSH
Article ID: 108019
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
If runs a vulnerabilty scan in Identity Suite Virtual Appliance 14.2 with Cumulative Patch CP-OS-140200-20180611, and identified an misconfiguration vulnerability in SSH protocol
We will need remove the following ciphers: - arcfour - arcfour128 - arcfour256.
However Virtual Appliance is blinded and it's not allowed to do this action.
The vulnerability report of Nessus is "90317 (1) - SSH Weak Algorithms Supported"
We will need remove the following ciphers: - arcfour - arcfour128 - arcfour256.
However Virtual Appliance is blinded and it's not allowed to do this action.
The vulnerability report of Nessus is "90317 (1) - SSH Weak Algorithms Supported"
Environment
CA Identity Suite 14.2 Virtual Appliance plus the last OS patch CP-OS-140200-20180611.
Nessus tool to run scan over the CA Identity Suite Virtual Appliance.
Nessus tool to run scan over the CA Identity Suite Virtual Appliance.
Resolution
Please, open a CA Support case and ask to provide you the hot-fix HF-DE371990-20180627-0001.tar.gpg to resolve the vulnerability "90317 (1) - SSH Weak Algorithms Supported"
Make sure have the last OS patch already installed before apply this patch CP-OS-140200-20180611. If last OS patch is not this anymore, contact CA Support to check the last one or access the release notes of CA Identity Suite 14.2 in this link:
https://docops.ca.com/ca-identity-suite/14-2/en/release-notes
Make sure have the last OS patch already installed before apply this patch CP-OS-140200-20180611. If last OS patch is not this anymore, contact CA Support to check the last one or access the release notes of CA Identity Suite 14.2 in this link:
https://docops.ca.com/ca-identity-suite/14-2/en/release-notes
Feedback
Yes
No
Powered by
