VLAN764_ELET – 10.114.113.217

VLAN: 764
CIDR: 10.114.112.0/22
NAT: 193.224.49.128
Nessus folder: 1472
Scan: VLAN764_-_ELET_10.114.112.0_22
Date: 2026-02-02 08:22

HIGH (1)

IPMI v2.0 Password Hash Disclosure
Plugin ID: 80101 Port: udp/623 CVE: CVE-2013-4786
The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.
Suggested solution
There is no patch for this vulnerability; it is an inherent problem with the specification for IPMI v2.0. Suggested mitigations include:
- Disabling IPMI over LAN if it is not needed.
- Using strong passwords to limit the successfulness of off-line dictionary attacks.
- Using Access Control Lists (ACLs) or isolated networks to limit access to your IPMI management interfaces.

LOW (2)

SSH Weak MAC Algorithms Enabled
Plugin ID: 71049 Port: tcp/22
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Suggested solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
SSH Weak Key Exchange Algorithms Enabled
Plugin ID: 153953 Port: tcp/22
The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) RFC9142. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group1-sha1
- gss-gex-sha1-*
- gss-group1-sha1-*
- gss-group14-sha1-*
- rsa1024-sha1
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Suggested solution
Contact the vendor or consult product documentation to disable the weak algorithms.