Nexpose scanning devices can help users analyze vulnerabilities and reduce hacker attacks.Because Nexpose enables weaker and outdated encryption algorithms (eg AES192-CBC, Blowfish-CBC and 3DES-CBC, such as diffack-hellman-group-exchange-sha1 KEX algorithm, etc.), attacks involving hardware device authentication will Easy to succeed.
“This vulnerability is categorized as CWE-327 (using an encryption algorithm that has been compromised or at risk.) In view of the need to use the” administrator “account for SSH connections to physical devices, the account has sudo accesson the device , so the vulnerability The CVSS score is 8.5 .
Experts advise that administrators with root access can edit the / etc / ssh / sshd_config file fixes in Nexpose to ensure that the device only accepts modern passwords, key exchanges, and MAC algorithms. After updating the configuration file, the administrator also needs to verify that the application has been changed correctly, any configuration is missing, or the server will trigger a syntax error during reboot, causing the connection to fail. In addition, security experts recommend that the administrator of the Nexpose device update the system application as soon as possible and remove the server’s support for outdated encryption algorithms.
The post Nexpose Vulnerability Scanner Vulnerability: The default SSH configuration enables outdated encryption algorithms appeared first on Penetration Testing. http://ift.tt/2sFOBs3 http://ift.tt/2aM8QhC