H610S的Nmap扫描报告了密钥强度不足的迪夫-赫尔曼组特有的漏洞
适用场景
- H610S
- H610C
- TrITON
- SolidFire
- Nmap
问题描述
H610S的BMC的Nmap扫描输出 报告密钥强度不足:
nmap --script ssl-dh-params X.X.X.X
Starting Nmap 7.92 ( https://nmap.org ) at 2023-05-17 12:39 MDT
Nmap
scan report for X.X.X.X
Host is up (0.022s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE
SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key
Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use
Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be
susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| Modulus Type: Non-safe prime
| Modulus Source: RFC5114/1024-bit DSA
group with 160-bit prime order subgroup
| Modulus Length: 1024
| Generator Length: 1024
|
Public Key Length: 1024
| References:
|_ https://weakdh.org
5120/tcp open barracuda-bbs
49153/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 15.58 seconds