Community
ProLiant Servers (ML,DL,SL)

Deprecated SSH Cryptographic Settings - Vulnerability Findings

 
hemanthkumark
New Member

‎01-09-2020 10:59 PM

‎01-09-2020 10:59 PM

Deprecated SSH Cryptographic Settings - Vulnerability Findings

Recently we did vulnerability scan and found Deprecated SSH Cryptographic Settings on ILO 4, ILO 5 & OA devices.

Threat - The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.
The target is using deprecated SSH cryptographic settings to communicate.

Impact - A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.

I would like know the way out to fix this vulbernability finding.

0 Kudos
Reply
2 REPLIES 2
Kashyap02
HPE Pro

‎01-13-2020 06:41 PM

‎01-13-2020 06:41 PM

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

Hi, 

Can you provide us the CVE number?

with CVE number we can advise you if the ILOs' and OAs' are affected with this or not.

Also, please provide the output of the scan report. 

I am a HPE Employee

Accept or Kudo

0 Kudos
Reply
gcpsavvy
New Member

‎05-10-2020 09:55 AM

‎05-10-2020 09:55 AM

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

Refer: https://www.linuxminion.com/deprecated-ssh-cryptographic-settings/

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.