Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

hemanthkumark · ‎01-09-2020

Recently we did vulnerability scan and found Deprecated SSH Cryptographic Settings on ILO 4, ILO 5 & OA devices.

Threat - The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.
The target is using deprecated SSH cryptographic settings to communicate.

Impact - A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.

I would like know the way out to fix this vulbernability finding.

Kashyap02 · ‎01-13-2020

Hi,

Can you provide us the CVE number?

with CVE number we can advise you if the ILOs' and OAs' are affected with this or not.

Also, please provide the output of the scan report.

I am a HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo

gcpsavvy · ‎05-10-2020

Refer: https://www.linuxminion.com/deprecated-ssh-cryptographic-settings/

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

Deprecated SSH Cryptographic Settings - Vulnerability Findings

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings