SSH vulnerabilities: HMAC algorithms and CBC ciphers

Updated 2015-02-04T05:57:25+00:00

Issue

  • NCircle reported the following vulnerabilities on RHEL 5 and RHEL 6 servers:
      • SSH Insecure HMAC Algorithms Enabled
      • SSH CBC Mode Ciphers Enabled

Below is the update from NCircle regarding the vulnerabilities:

Vulnerability Name: SSH Insecure HMAC Algorithms Enabled

Description: Insecure HMAC Algorithms are enabled

Solution: Disable any 96-bit HMAC Algorithms. Disable any MD5-based HMAC Algorithms.

Vulnerability Name: SSH CBC Mode Ciphers Enabled

Description: CBC Mode Ciphers are enabled on the SSH Server.

Solution: Disable CBC Mode Ciphers and use CTR Mode Ciphers
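
A config audit for the two findings above, as an added example that is not part of the original article or Red Hat's own tooling: it flags CBC ciphers and MD5-based or 96-bit HMACs listed in the `Ciphers` and `MACs` directives of an sshd_config file. The function names and the sample config are constructed for illustration, and whitespace-separated `Keyword value` lines are assumed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the algorithm classes in the findings.

# classify_algo KEYWORD NAME: print why NAME is flagged, or nothing if it is not.
classify_algo() {
    case "$1:$2" in
        Ciphers:*-cbc|Ciphers:*-cbc@*) echo "CBC mode cipher" ;;
        MACs:*md5*-96*)                echo "MD5-based and 96-bit HMAC" ;;
        MACs:*md5*)                    echo "MD5-based HMAC" ;;
        MACs:*-96*)                    echo "96-bit HMAC" ;;
    esac
}

# audit_sshd_algos FILE: one line per finding; returns 1 if anything was reported.
audit_sshd_algos() {
    file=$1
    found=0
    for kind in Ciphers MACs; do
        # Keywords are case-insensitive and sshd keeps the first occurrence.
        value=$(awk -v k="$kind" 'tolower($1) == tolower(k) { print $2; exit }' "$file")
        if [ -z "$value" ]; then
            echo "$kind: not set (the sshd build's default list applies; check it separately)"
            found=1
            continue
        fi
        for algo in $(echo "$value" | tr ',' ' '); do
            reason=$(classify_algo "$kind" "$algo")
            if [ -n "$reason" ]; then
                echo "$kind: $algo ($reason)"
                found=1
            fi
        done
    done
    return "$found"
}

# demo: run the audit over a constructed sample config (not taken from a real host).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample sshd_config fragment
Ciphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
EOF
    rc=0
    audit_sshd_algos "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

A missing `Ciphers` or `MACs` line is reported as well, because the server then falls back to its built-in list, which this check cannot see.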

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • SSH
  • PuTTY
