SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled #1

sveeke · 2018-06-18T08:17:05Z

threatLevel="Low" type="Insecure SSL/TLS Configuration"

The SSH server is configured to support Cipher Block Chaining (CBC) encryption.

To verify the issue:

nmap -sT -sV -p22 surf-dev2.edubadges.nl --script=ssh2-enum-algos -Pn

Output shows:

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported : 

  3des-cbc
  aes128-cbc
  aes192-cbc
  aes256-cbc
  blowfish-cbc
  cast128-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported : 

  3des-cbc
  aes128-cbc
  aes192-cbc
  aes256-cbc
  blowfish-cbc
  cast128-cbc

Impact:
This may allow an attacker to recover the plaintext message from the ciphertext.

Recommendation:
Disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

The text was updated successfully, but these errors were encountered:

sveeke · 2018-06-18T08:22:46Z

I'll take this one when setting up the new pilot environments.

sveeke added the bug-infrastructure Bugs inside SURFnet's infrastructure label Jun 18, 2018

sveeke added this to the Pilot 2018 milestone Jun 18, 2018

sveeke self-assigned this Jun 18, 2018

sveeke added the risk-low Security issues with a low impact label Jun 18, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled #1

SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled #1

sveeke commented Jun 18, 2018

sveeke commented Jun 18, 2018

SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled #1

SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled #1

Comments

sveeke commented Jun 18, 2018

sveeke commented Jun 18, 2018