Imperva Cyber Community

Vulnerability SSH server (MX and GW)

  • 1.  Vulnerability SSH server (MX and GW)

    Posted 02-24-2021 10:17
    Hello everyone.

    The "SSH Server CBC Mode Ciphers Enabled (CVE-2008-5161)" vulnerability was recently discovered in MX and GW DAM appliances version 13.3.21.

    The solution that pentesting gave me was: "disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption."

    Does anyone know how this can be solved?

    Br. 
    Victor Pinzon
    #DatabaseActivityMonitoring
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Victor Pinzon
    Support Engineer
    Bogotá
    ------------------------------


  • 2.  RE: Vulnerability SSH server (MX and GW)

    Imperva Employee
    Posted 02-26-2021 06:03

    Below are the steps to restrict the SSH server (port 22) to only accept strong ciphers:

    1. Log in to your MX or GW via SSH with the admin account
    2. Switch to the root user with command: #admin
    3. Back up your SSH server configuration file with command: #cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    4. Edit the SSH server configuration file with command: #vi /etc/ssh/sshd_config
    5. Navigate to the bottom of the sshd_config file and modify the content:

    From

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

     To

    #Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr

    6. Save the file by pressing Esc one time -> type :wq -> Enter
    7. Restart the SSH service with command: #service sshd restart
    8. Upon successful service restart, you should see the following message:
    9. Done


    ------------------------------
    Stefan Sia (csp)
    Customer Support Specialist
    ------------------------------



  • 3.  RE: Vulnerability SSH server (MX and GW)

    Imperva Employee
    Posted 02-26-2021 06:36
    Hi Victor,

    Please try the following procedure:

    • SSH to the gateway/management server as root
    • vi /etc/ssh/sshd_config
    • add the following lines
      • Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
      • MACs hmac-sha1,hmac-ripemd160
    • Save the changes and quit.
    • Restart the sshd service: service sshd restart 
    Note: arcfour ciphers are considered weak, and you may want/need to disable them as well.

    ------------------------------
    Camilo Correa
    SE
    Imperva
    ------------------------------
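
A check for the edits described in the two replies above, as an added example that is not part of the original posts or Imperva tooling. It reads the first active `Ciphers` line of an sshd_config file and lists any CBC or arcfour entries still enabled; the function names and the three sample files are constructed for illustration.

```shell
# Added example (not from the thread): audit the Ciphers directive of an
# sshd_config file. Function names and sample files are constructed.

# Print the list from the first active Ciphers line. sshd uses the first value
# it reads for a keyword, so a second Ciphers line added lower down is ignored.
effective_ciphers() {
    awk '{ sub(/^[ \t]+/, "") }
         tolower($0) ~ /^ciphers[ \t=]/ {
             sub(/^[^ \t=]+[ \t=]+/, ""); gsub(/[ \t"]/, ""); print; exit
         }' "$1"
}

# Print the CBC and arcfour entries of that list.
# Returns 0 = none found, 1 = weak entries printed, 2 = no explicit list.
weak_ciphers() {
    local list c weak=""
    list=$(effective_ciphers "$1")
    case "$list" in
        ""|-*) return 2 ;;   # absent, or only subtracting from built-in defaults
    esac
    list=${list#[+^]}        # "+"/"^" prefixes add to the defaults; check the additions
    local IFS=,
    for c in $list; do
        case "$c" in
            *-cbc*|arcfour*) weak="${weak:+$weak,}$c" ;;
        esac
    done
    [ -z "$weak" ] && return 0
    printf '%s\n' "$weak"
    return 1
}

# Constructed samples: reply 2's "From" line, its "To" lines, and reply 3's lines.
demo=$(mktemp -d)
printf '%s\n' 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc' > "$demo/before"
printf '%s\n' '#Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc' \
    'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' > "$demo/after"
printf '%s\n' 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour' \
    'MACs hmac-sha1,hmac-ripemd160' > "$demo/reply3"

for f in before after reply3; do
    rc=0; found=$(weak_ciphers "$demo/$f") || rc=$?
    case $rc in
        0) echo "$f: no CBC or arcfour ciphers" ;;
        1) echo "$f: weak ciphers still enabled: $found" ;;
        2) echo "$f: no explicit Ciphers list" ;;
    esac
done
```

After editing the real file, `sshd -t` checks the configuration for syntax errors before the service is restarted.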