https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536230#M73491 <P>Unfortunately at this moment there is no a supported method to disable this option on ACS.</P><P>this issue addressed by:</P><P>CSCup58251&nbsp;&nbsp;&nbsp; Cisco Secure ACS evaluation of CVE-2008-5161</P><P><A href="https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr">https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr</A></P><P>All ACS versions are affected.</P><P>this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015</P><P>Tariq</P> Wed, 08 Oct 2014 06:15:15 GMT Tariq Bader 2014-10-08T06:15:15Z https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536229#M73489 <P>Hi , a security audit has found that the SSH server service on our ACS 5.5.0.46 is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attackerto recover the plaintext message from the ciphertext.</P><P>The advise is to enable CTR or GCM cipher mode encryption - how can this be done ? Is it some thing that can be performed from the command line?</P><P>&nbsp;</P><P>Thanks.</P> Mon, 11 Mar 2019 04:56:58 GMT https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536229#M73489 stuart hutchinson 2019-03-11T04:56:58Z https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536230#M73491 <P>Unfortunately at this moment there is no a supported method to disable this option on ACS.</P><P>this issue addressed by:</P><P>CSCup58251&nbsp;&nbsp;&nbsp; Cisco Secure ACS evaluation of CVE-2008-5161</P><P><A href="https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr">https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr</A></P><P>All ACS versions are affected.</P><P>this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015</P><P>Tariq</P> Wed, 08 Oct 2014 06:15:15 GMT https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536230#M73491 Tariq Bader 2014-10-08T06:15:15Z https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536231#M73492 <P>Thanks for the reply Tariq.</P> Thu, 16 Oct 2014 16:37:03 GMT https://community.cisco.com/t5/network-access-control/how-do-i-disable-cipher-block-chaining-cbc-encryption-for-ssh/m-p/2536231#M73492 stuart hutchinson 2014-10-16T16:37:03Z