AppFormer / AF-1775

Unable to disable weak CBC ciphers and HMAC


    • New Feature
    • Resolution: Done
    • Major
    • None
    • 2.8.0.Final
    • Security
    • 2019 Week 02-04
    • NEW
    • NEW

      Per a recent vulnerability scan by Nessus, it's been found that a git SSH server of Business Central has the following vulnerabilities.

      1. CBC Mode Ciphers Enabled -

      The SSH server is configured to use Cipher Block Chaining.

      The following client-to-server Cipher Block Chaining (CBC) algorithms
      are supported :
      aes192-cbc
      aes256-cbc
      The following server-to-client Cipher Block Chaining (CBC) algorithms
      are supported :
      aes192-cbc
      aes256-cbc

      2. SSH Weak MAC Algorithms Enabled -

      The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.

      The following client-to-server Message Authentication Code (MAC) algorithms
      are supported :
      hmac-md5
      hmac-md5-96
      hmac-sha1-96
      The following server-to-client Message Authentication Code (MAC) algorithms
      are supported :
      hmac-md5
      hmac-md5-96
      hmac-sha1-96

      But there is no ability to disable/customize these ciphers and MAC algorithms.

            mdessi-1 Massimiliano Dessi