Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
gemechisd
Contributor
Jump to solution

Vulnerability on our SMS

We have scanned our SMS Server and found 2 vulnerablities. Can anyone suggest me how to fix them? 

1. Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)

The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).
Port 22/tcp

2. Weak Encryption Algorithm(s) Supported (SSH)

The remote SSH server is configured to allow / support weak encryption algorithm(s).
Port 22/tcp

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

See the resources posted in reply to this discussion amongst others:

https://community.checkpoint.com/t5/Management/How-to-disable-weak-ssh-cipher-on-R80-40-R81-10/td-p/...

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee

See the resources posted in reply to this discussion amongst others:

https://community.checkpoint.com/t5/Management/How-to-disable-weak-ssh-cipher-on-R80-40-R81-10/td-p/...

CCSM R77/R80/ELITE
0 Kudos
JozkoMrkvicka
Mentor
Mentor

Which KEX and MAC were identified as weak by the scanner?

Kind regards,
Jozko Mrkvicka
0 Kudos
(1)
gemechisd
Contributor

@JozkoMrkvicka 

For KEX

- Disable the reported weak KEX algorithm(s)
     1024-bit MODP group / prime KEX algorithms:
     Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.

2. For MAC
     Disable the reported weak encryption algorithm(s).



0 Kudos
the_rock
Legend
Legend

I would say what @Chris_Atkinson gave is your solution. Btw, you can also run cipher_util from expert mode and see options available there.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events