CVE-2008-5161 - SSH Server CBC Mode Ciphers Enabled
book
Article ID: 188223
calendar_today
Updated On:
Products
CA Identity ManagerCA Identity GovernanceCA Identity PortalCA Identity Suite
Issue/Introduction
A security finding is showing that the servers are using vulnerable ciphers, specifically cipher block chaining.
Finding Name
Synopsis
Description
Solution
Details
SSH Server CBC Mode Ciphers Enabled
The SSH server is configured to use Cipher Block Chaining.
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :
CVE-2008-5161 (SSH Server CBC Mode Ciphers Enabled) which was addressed in the initial release of vAPP 14.2. As of 14.2, CBC ciphers are disabled in sshd.
Environment
Release : 14.2
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Resolution
The vulnerability was addressed in the initial release of vAPP 14.2. As of 14.2, CBC ciphers are disabled in sshd.