SSH vulnerability on Access Manager 4.2 AG or NAM appliance

  • 7017733
  • 16-Jun-2016
  • 16-Jun-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1

Situation

A penetration test was performed against a NAM 4.2 appliance and the following finding was reported.

SSH Weak Algorithms Supported: The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.

The scanner gave the following description:

The following weak server-to-client encryption algorithms are supported: arcfour, arcfour128, arcfour256.
The following weak client-to-server encryption algorithms are supported: arcfour, arcfour128, arcfour256.
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.

Resolution

In /etc/ssh/sshd_config there is a Ciphers directive that restricts which ciphers sshd will negotiate. The sshd_config(5) man page on the appliance describes it as follows:

Ciphers
        Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are:

            "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr",
            "aes256-ctr", "arcfour128", "arcfour256", "arcfour", "blowfish-cbc", "cast128-cbc", and
            "chacha20-poly1305@openssh.com".

        The default is:

            aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
            chacha20-poly1305@openssh.com,
            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
            aes256-cbc,arcfour

 

Add a Ciphers directive to /etc/ssh/sshd_config (or edit the existing one) listing the default ciphers above with arcfour, arcfour128 and arcfour256 removed. sshd reads its configuration only at start-up, so restart the sshd service afterwards and rerun the scan to confirm the finding is cleared.
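As an added example (not part of the original TID), the following POSIX shell script builds the hardened cipher list from the default quoted in the man page above, drops the three arcfour entries, and writes the Ciphers directive into a copy of sshd_config, replacing any existing (or commented-out) Ciphers line so that only one remains. The function names, the WEAK_PATTERN variable and the sample sshd_config contents are constructed for this example; the pattern can be widened (for instance to also match "-cbc") if a later scan flags CBC-mode ciphers, which the same scanners commonly report as a separate finding.

```shell
#!/bin/sh
# Added example, not code from the TID: remove the arcfour family from the
# OpenSSH 6.x default cipher list and apply a Ciphers directive to sshd_config.
# The demo at the bottom only touches a temporary copy, never /etc/ssh.

# Default cipher list exactly as quoted from sshd_config(5) on the appliance.
DEFAULT_CIPHERS='aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour'

# Ciphers the scanner flagged (assumption for the example: widen this regex,
# e.g. to '^arcfour|-cbc$', if CBC-mode ciphers are flagged in a later scan).
WEAK_PATTERN='^arcfour'

# strip_weak_ciphers LIST [PATTERN]
# Print LIST with every comma-separated entry matching PATTERN removed.
strip_weak_ciphers() {
    printf '%s\n' "$1" | awk -v pat="${2:-$WEAK_PATTERN}" -F ',' '{
        out = ""
        for (i = 1; i <= NF; i++)
            if ($i !~ pat) out = out (out == "" ? "" : ",") $i
        print out
    }'
}

# has_weak_cipher LIST
# Succeed (exit 0) if LIST still contains an entry matching WEAK_PATTERN.
has_weak_cipher() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -q -E "$WEAK_PATTERN"
}

# apply_ciphers_directive CONFIG_FILE LIST
# Replace the first active or commented-out Ciphers line with "Ciphers LIST",
# drop any further Ciphers lines, or append one if the file has none.
apply_ciphers_directive() {
    cfg=$1
    list=$2
    tmp="$cfg.tmp.$$"
    awk -v line="Ciphers $list" '
        /^[[:space:]]*#?[[:space:]]*Ciphers[[:space:]]/ {
            if (!done) { print line; done = 1 }
            next
        }
        { print }
        END { if (!done) print line }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# effective_ciphers CONFIG_FILE
# Print the cipher list from the active Ciphers line of CONFIG_FILE.
effective_ciphers() {
    awk '/^[[:space:]]*Ciphers[[:space:]]/ { print $2; exit }' "$1"
}

# Demonstration against a constructed sshd_config fragment (assumed content).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample of an appliance sshd_config
Port 22
Protocol 2
#Ciphers aes128-ctr,arcfour
PermitRootLogin yes
EOF

HARDENED=$(strip_weak_ciphers "$DEFAULT_CIPHERS")
apply_ciphers_directive "$demo_cfg" "$HARDENED"
echo "Directive written: $(grep '^Ciphers' "$demo_cfg")"
if has_weak_cipher "$(effective_ciphers "$demo_cfg")"; then
    echo "arcfour still present" >&2
else
    echo "arcfour removed"
fi
rm -f "$demo_cfg"
```

Run it as root against /etc/ssh/sshd_config on the appliance (the demo above only edits a temporary copy), validate the file with `sshd -t`, restart the sshd service, and confirm the effective list with `sshd -T | grep -i ciphers` before rerunning the scan.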