First Last Prev Next    This bug is not in your last search results.
Bug 55623 - un-recommended ssh gss kex algorithm key
un-recommended ssh gss kex algorithm key
Status: NEW
Product: UCS
Classification: Unclassified
Component: UCR
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-01-31 14:55 CET by Jan Kraljic
Modified: 2023-01-31 15:24 CET (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Kraljic 2023-01-31 14:55:58 CET 
We have done some security scann on UCS server for SSH Audit. We were using https://github.com/jtesta/ssh-audit for scanning 

after custom MACs and KexAlgorithms there are still problems with gss kex Algorithms. 

The report: 

# key exchange algorithms
(kex) gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==      -- [warn] using weak hashing algorithm
(kex) gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==   -- [fail] using small 1024-bit modulus
                                                 `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                                 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
                                                 `- [warn] using weak hashing algorithm
(kex) gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==  -- [warn] using weak hashing algorithm

Here i don't have know-how to search for problem, i hope that would be fixed with update to 5.1
First Last Prev Next    This bug is not in your last search results.