Nexpose Vulnerability Scanner Vulnerability: The default SSH configuration enables outdated encryption algorithms – Penetration Testing

Security researchers at Rapid7 recently disclosed a vulnerability (CVE-2017-5243) in the Nexpose vulnerability scanner appliance: its default SSH configuration accepts outdated encryption and key-exchange algorithms, which an attacker could exploit.

Nexpose scanning appliances help users find vulnerabilities and reduce their exposure to attack. Because the appliance's SSH server enables weak, outdated encryption algorithms (for example the AES192-CBC, Blowfish-CBC and 3DES-CBC ciphers, and the diffie-hellman-group-exchange-sha1 key-exchange algorithm), attacks against the appliance's SSH authentication become easier to carry out.

The vulnerability is categorized as CWE-327 (use of a broken or risky cryptographic algorithm). Because the "administrator" account is used for SSH connections to the physical appliance and that account has sudo access on the device, the vulnerability carries a CVSS score of 8.5.

Experts advise that administrators with root access can edit the /etc/ssh/sshd_config file on the Nexpose appliance so that the device only accepts modern ciphers, key-exchange algorithms and MAC algorithms. After updating the configuration file, the administrator must also verify that the change was applied correctly: if any setting is missing or malformed, the server will raise a syntax error on restart and SSH connections will fail. In addition, security experts recommend that Nexpose appliance administrators update the system software as soon as possible and remove the server's support for outdated encryption algorithms.
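As an added example (not Rapid7's or Nexpose's own code), the script below audits an sshd_config for the outdated algorithms named in the advisory and rewrites the Ciphers, KexAlgorithms and MACs lines to a hardened set. The sample configuration is constructed, and the hardened algorithm list is this example's own assumption, not a list taken from the advisory.

```python
"""Audit an sshd_config for the outdated algorithms the advisory names and
produce a hardened set of Ciphers / KexAlgorithms / MACs lines.

Added example, not Rapid7's or Nexpose's own code. The config text below is
constructed, and the 'hardened' algorithm list is this example's own choice.
"""
import re

# Algorithms the advisory names as outdated, spelled as OpenSSH spells them.
WEAK_ALGORITHMS = {
    "Ciphers": {"aes192-cbc", "blowfish-cbc", "3des-cbc"},
    "KexAlgorithms": {"diffie-hellman-group-exchange-sha1"},
    "MACs": set(),  # the advisory names no specific MAC, so nothing is flagged here
}

# Replacement lists (this example's assumption; keep only what the server build supports).
HARDENED = {
    "Ciphers": ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes128-ctr"],
    "KexAlgorithms": ["curve25519-sha256", "diffie-hellman-group16-sha512"],
    "MACs": ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"],
}

SAMPLE_SSHD_CONFIG = """\
# constructed sample; not the appliance's real /etc/ssh/sshd_config
Port 22
Ciphers aes256-ctr,aes192-cbc,blowfish-cbc,3des-cbc
KexAlgorithms diffie-hellman-group-exchange-sha1,curve25519-sha256
# MACs deliberately unset: the server's compiled-in defaults apply
Match User backup
    PasswordAuthentication no
"""


def _split(raw):
    """Strip comments and return (keyword, value) for one config line, or None."""
    line = raw.split("#", 1)[0].strip()
    parts = re.split(r"[\s=]+", line, maxsplit=1)
    if not line or len(parts) != 2:
        return None
    return parts[0].lower(), parts[1]


def parse_algorithms(text):
    """Return {keyword: [values]} for the three algorithm keywords.
    sshd uses the first occurrence of a keyword, so later duplicates are ignored."""
    found = {}
    wanted = {k.lower(): k for k in WEAK_ALGORITHMS}
    for raw in text.splitlines():
        kv = _split(raw)
        if kv and kv[0] in wanted and wanted[kv[0]] not in found:
            found[wanted[kv[0]]] = [v.strip().lower() for v in kv[1].split(",") if v.strip()]
    return found


def audit(text):
    """Return {keyword: sorted list of weak algorithms still enabled}.
    A keyword absent from the file is reported as None: the server defaults apply,
    which on the affected appliance is exactly where the weak algorithms came from."""
    cfg = parse_algorithms(text)
    findings = {}
    for key, weak in WEAK_ALGORITHMS.items():
        if key not in cfg:
            findings[key] = None
            continue
        values = cfg[key]
        mode = values[0][0] if values and values[0][0] in "+-^" else ""
        names = [v.lstrip("+-^") for v in values]
        # "-list" removes from the defaults, so weak names there are being disabled.
        findings[key] = [] if mode == "-" else sorted(weak.intersection(names))
    return findings


def harden(text):
    """Drop existing Ciphers/KexAlgorithms/MACs lines and insert the hardened set
    before the first Match block (these keywords are not valid inside Match)."""
    targets = {k.lower() for k in HARDENED}
    kept, insert_at = [], None
    for raw in text.splitlines():
        kv = _split(raw)
        if kv and kv[0] in targets:
            continue
        if kv and kv[0] == "match" and insert_at is None:
            insert_at = len(kept)
        kept.append(raw)
    new_lines = [f"{k} {','.join(v)}" for k, v in HARDENED.items()]
    pos = len(kept) if insert_at is None else insert_at
    kept[pos:pos] = new_lines
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print("before:", audit(SAMPLE_SSHD_CONFIG))
    hardened = harden(SAMPLE_SSHD_CONFIG)
    print(hardened)
    print("after:", audit(hardened))
```

Two points from the advisory are built in: a keyword that is missing from the file is reported as "defaults apply" rather than "clean", since the weak algorithms on the appliance came from the defaults, and the hardened lines are placed before any Match block, where sshd would otherwise reject them. After writing the file, the verification step the advisory calls for is `sshd -t`, which parses the configuration and reports syntax errors without restarting the service; `ssh -Q cipher`, `ssh -Q kex` and `ssh -Q mac` list the algorithm names the installed OpenSSH build actually supports, so the hardened list can be trimmed to match before the restart.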

The post Nexpose Vulnerability Scanner Vulnerability: The default SSH configuration enables outdated encryption algorithms appeared first on Penetration Testing. http://ift.tt/2sFOBs3 http://ift.tt/2aM8QhC
