Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3354
Views
0
Helpful
2
Replies

How do I disable Cipher Block Chaining (CBC) encryption for SSH server on ACS 5.5.0.46 ?

Go to solution
stuart hutchinson
Level 1
Level 1

‎08-18-2014 09:30 AM - edited ‎03-10-2019 09:56 PM

Hi , a security audit has found that the SSH server service on our ACS 5.5.0.46 is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attackerto recover the plaintext message from the ciphertext.

The advise is to enable CTR or GCM cipher mode encryption - how can this be done ? Is it some thing that can be performed from the command line?

 

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tariq Bader
Cisco Employee
Cisco Employee

‎10-07-2014 11:15 PM

Unfortunately at this moment there is no a supported method to disable this option on ACS.

this issue addressed by:

CSCup58251    Cisco Secure ACS evaluation of CVE-2008-5161

https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr

All ACS versions are affected.

this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015

Tariq

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Tariq Bader
Cisco Employee
Cisco Employee

‎10-07-2014 11:15 PM

Unfortunately at this moment there is no a supported method to disable this option on ACS.

this issue addressed by:

CSCup58251    Cisco Secure ACS evaluation of CVE-2008-5161

https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr

All ACS versions are affected.

this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015

Tariq

0 Helpful

Go to solution
stuart hutchinson
Level 1
Level 1
In response to Tariq Bader

‎10-16-2014 09:37 AM

Thanks for the reply Tariq.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents