SSH Server CBC Mode Ciphers Enabled

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The SSH server is configured to use Cipher Block Chaining.

Description :

The SSH server is configured to support Cipher Block Chaining (CBC)
encryption. This may allow an attacker to recover the plaintext message
from the ciphertext.

Note that this plugin only checks for the options of the SSH server and
does not check for vulnerable software versions.

Solution :

Contact the vendor or consult product documentation to disable CBC mode
cipher encryption, and enable CTR or GCM cipher mode encryption.
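
One way to confirm which cipher options a server advertises, before and after the change, is to decode the encryption name-lists in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1). The following is an added example, not Tenable's plugin code; the function names and the two sample payloads are constructed for illustration.

```python
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_algorithms_client_to_server",
          "encryption_algorithms_server_to_client",
          "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
          "compression_algorithms_client_to_server",
          "compression_algorithms_server_to_client",
          "languages_client_to_server", "languages_server_to_client")

def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of an SSH_MSG_KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        length = int.from_bytes(payload[offset:offset + 4], "big")
        raw = payload[offset + 4:offset + 4 + length]
        if len(payload) < offset + 4 or len(raw) != length:
            raise ValueError("truncated name-list: " + field)
        lists[field] = raw.decode("ascii").split(",") if raw else []
        offset += 4 + length
    return lists

def cbc_ciphers(payload: bytes) -> list:
    """Return the CBC-mode ciphers offered in either direction, sorted."""
    lists = parse_kexinit(payload)
    offered = (lists["encryption_algorithms_client_to_server"]
               + lists["encryption_algorithms_server_to_client"])
    # Strip any "@domain" suffix so rijndael-cbc@lysator.liu.se is caught too.
    return sorted({c for c in offered if c.split("@")[0].endswith("-cbc")})

def build_kexinit(name_lists) -> bytes:
    """Build a constructed KEXINIT payload (zeroed cookie) for the samples below."""
    body = b"".join(len(n).to_bytes(4, "big") + n.encode("ascii")
                    for n in (",".join(names) for names in name_lists))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed samples: one server offering legacy CBC ciphers, one hardened.
ENC = ["aes128-ctr", "aes256-gcm@openssh.com", "aes128-cbc", "3des-cbc",
       "rijndael-cbc@lysator.liu.se"]
WEAK = build_kexinit([["curve25519-sha256"], ["ssh-ed25519"], ENC, ENC,
                      ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []])
HARDENED = build_kexinit([["curve25519-sha256"], ["ssh-ed25519"], ENC[:2], ENC[:2],
                          ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []])

if __name__ == "__main__":
    print("weak server offers CBC:", cbc_ciphers(WEAK))
    print("hardened server offers CBC:", cbc_ciphers(HARDENED))
```

An empty result for the hardened sample is the state the Solution asks for: only CTR or GCM ciphers remain in both directions.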

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 70658

Bugtraq ID: 32319

CVE ID: CVE-2008-5161