Return
-
Title
SSH Server vulnerabilities reported for SPCW 2.5 -
Description
Security scan reports the following SSH server vulnerabilities for SPCW 2.5 clients:
1) SSH Server CBC Mode Ciphers Enabled
2) SSH Weak MAC Algorithms Enabled. -
Resolution
WORKAROUND:
None
STATUS:
The reported vulnerabilities have been fixed in SPCW version 2.5.4+, available at Software Downloads.
-
Change Request
BFER7170 -
Additional Information
Release notes: SPCW 2.5.4 limits the ciphers allowed in SSH connections to aes256-ctr and aes128-ctr. It also limits the MACs allowed to hmac-sha1.