Brocade 交换机中 SSH 弱密钥交换和 CBC 模式密码的漏洞

最后更新
另存为PDF

Views:: 4

Visibility:: Public

Votes:: 0

Category:: fabric-interconnect-and-management-switches

Specialty:: brocade

Last Updated:

适用于

Brocade Fabric OS v9.0.1b2

问题描述

安全扫描报告了 Brocade SAN 交换机 G620 中的漏洞，特别是：

SSH 弱密钥交换算法已启用
SSH 服务器 CBC 模式密码已启用

示例：

seccryptocfg --show :

SSH Crypto:

SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

SSH Kex          : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

SSH MAC : hmac-sha1,hmac-sha2-256,hmac-sha2-512

TLS Ciphers:

HTTPS           : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4

HTTPS_TLS_v1.3 : TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

RADIUS          : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4

LDAP : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4

SYSLOG : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4