search cancel

SSH security vulnerability or Policy Server and other components


Article ID: 229050


Updated On:


CA Single Sign On Agents (SiteMinder) SITEMINDER



When running Siteminder on Linux machine, the "SSH Weak Key Exchange
Algorithms Enabled" vulnerability has been discovered.

  "The remote SSH server is configured to allow key exchange algorithms
   which are considered weak."



At first glance, SSH services are distinct product of Siteminder. They
are used to allow connection to the machine and they aren't related to
HTTP or HTTPS trafic protected by Siteminder. In order to solve this
vulnerability, open a ticket with the Linux OS distributor to
investigate those vulnerabilities by SSH product.