当前位置:   article > 正文

Cisco switch vulnerability_bar mitzvah cisco

bar mitzvah cisco

Cisco switch

-------------------
SSH Protocol Version 1 Session Key Retrieval

https://community.cisco.com/t5/security-knowledge-base/guide-to-better-ssh-security/ta-p/3133344

(config)#ip ssh version 2

--------------------

SSH Weak Key Exchange Algorithms Enabled


https://community.cisco.com/t5/switching/how-to-disable-ssh-weak-key-exchange-algorithm/td-p/4537520

(config)#ip ssh server  algorithm encryption aes256-ctr aes128-ctr

(config)#ip ssh server  algorithm mac hmac-sha1

(config)#no ip ssh  server  algorithm mac hmac-sha1-96

---------------
SSH Weak MAC Algorithms Enabled


https://community.cisco.com/t5/other-security-subjects/ssh-weak-mac-algorithms-enabled/td-p/2972727

(config)#ip ssh server  algorithm encryption aes256-ctr aes128-ctr

(config)#ip ssh server  algorithm mac hmac-sha1

(config)#no ip ssh  server  algorithm mac hmac-sha1-96

------------
SSH Server CBC Mode Ciphers Enabled


https://community.cisco.com/t5/switching/to-disable-ssh-server-cbc-mode-ciphers/td-p/2451582

(config)#ip ssh server  algorithm encryption aes256-ctr aes128-ctr

-------------
TLS Version 1.0 Protocol Detection
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
SSL Certificate Cannot Be Trusted
SSL Self-Signed Certificate
SSL Weak Cipher Suites Supported
SSL Certificate Expiry
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
SSL Medium Strength Cipher Suites Supported (SWEET32)
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
SSL Certificate Signed Using Weak Hashing Algorithm


(config)#no ip http
(config)#no ip http secure-server

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/AllinToyou/article/detail/486848
推荐阅读
相关标签
  

闽ICP备14008679号