Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How do I disable Cipher Block Chaining (CBC) encryption for SSH server on ACS 5.5.0.46 ?

Hi , a security audit has found that the SSH server service on our ACS 5.5.0.46 is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attackerto recover the plaintext message from the ciphertext.

The advise is to enable CTR or GCM cipher mode encryption - how can this be done ? Is it some thing that can be performed from the command line?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Unfortunately at this moment

Unfortunately at this moment there is no a supported method to disable this option on ACS.

this issue addressed by:

CSCup58251    Cisco Secure ACS evaluation of CVE-2008-5161

https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr

All ACS versions are affected.

this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015

Tariq

2 REPLIES
New Member

Unfortunately at this moment

Unfortunately at this moment there is no a supported method to disable this option on ACS.

this issue addressed by:

CSCup58251    Cisco Secure ACS evaluation of CVE-2008-5161

https://tools.cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr

All ACS versions are affected.

this vulnerability is fixed in ACS 5.7 version which is expected to be released between mid and late May 2015

Tariq

New Member

Thanks for the reply Tariq.

Thanks for the reply Tariq.

1365
Views
0
Helpful
2
Replies
CreatePlease to create content