nuclei-templates/javascript/misconfiguration/ssh/ssh-cbc-mode-ciphers.yaml

id: ssh-cbc-mode-ciphers

info:
  name: SSH Server CBC Mode Ciphers Enabled
  author: pussycat0x
  severity: low
  description: |
    "SSH Server CBC Mode Ciphers Enabled" signifies that the SSH server supports Cipher Block Chaining (CBC) mode ciphers, which are known for potential vulnerabilities. This configuration poses a security risk, and it's recommended to disable CBC ciphers in favor of more secure alternatives for enhanced protection during data transmission.
  reference:
    - https://www.tenable.com/plugins/nessus/70658
  metadata:
    verified: true
    max-request: 2
    shodan-query: product:"OpenSSH"
  tags: js,enum,ssh,misconfig,network

javascript:
  - pre-condition: |
      isPortOpen(Host,Port)
    code: |
      let m = require("nuclei/ssh");
      let c = m.SSHClient();
      let response = c.ConnectSSHInfoMode(Host, Port);
      Export(response);
    args:
      Host: "{{Host}}"
      Port: "22"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "client_to_server_ciphers"
          - "server_to_client_ciphers"
        condition: and

      - type: word
        words:
          - "aes128-cbc"
          - "aes192-cbc:"
          - "aes256-cbc"
          - "3des-cbc"
          - "blowfish-cbc"
          - "cast128-cbc"
        condition: or
# digest: 4a0a00473045022100ab4b243e53367496b3662f4bf89922608e1fe7d795cadb204e2e3c677e20e1c7022065e11a8621be3306742a810c72efe5996a402e2a9bf8c66ef1d343e95fdbe58c:922c64590222798bb761d5b6d8e72950
SSH Server CBC Mode Ciphers Enabled 2023-11-11 18:17:03 +00:00			`id: ssh-cbc-mode-ciphers`

			`info:`
			`name: SSH Server CBC Mode Ciphers Enabled`
			`author: pussycat0x`
			`severity: low`
			`description: \|`
			`"SSH Server CBC Mode Ciphers Enabled" signifies that the SSH server supports Cipher Block Chaining (CBC) mode ciphers, which are known for potential vulnerabilities. This configuration poses a security risk, and it's recommended to disable CBC ciphers in favor of more secure alternatives for enhanced protection during data transmission.`
			`reference:`
			`- https://www.tenable.com/plugins/nessus/70658`
			`metadata:`
			`verified: true`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`max-request: 2`
SSH Server CBC Mode Ciphers Enabled 2023-11-11 18:17:03 +00:00			`shodan-query: product:"OpenSSH"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: js,enum,ssh,misconfig,network`
final lint fix 2024-01-04 06:46:23 +00:00
SSH Server CBC Mode Ciphers Enabled 2023-11-11 18:17:03 +00:00			`javascript:`
SSH: pre-condition 2023-12-01 13:18:05 +00:00			`- pre-condition: \|`
			`isPortOpen(Host,Port)`
			`code: \|`
SSH Server CBC Mode Ciphers Enabled 2023-11-11 18:17:03 +00:00			`let m = require("nuclei/ssh");`
			`let c = m.SSHClient();`
			`let response = c.ConnectSSHInfoMode(Host, Port);`
javascript templates with new syntax 2024-02-29 08:05:22 +00:00			`Export(response);`
SSH Server CBC Mode Ciphers Enabled 2023-11-11 18:17:03 +00:00			`args:`
			`Host: "{{Host}}"`
			`Port: "22"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "client_to_server_ciphers"`
			`- "server_to_client_ciphers"`
			`condition: and`

			`- type: word`
			`words:`
			`- "aes128-cbc"`
			`- "aes192-cbc:"`
			`- "aes256-cbc"`
			`- "3des-cbc"`
			`- "blowfish-cbc"`
			`- "cast128-cbc"`
Auto Template Signing [Sun Nov 12 10:32:58 UTC 2023] :robot: 2023-11-12 10:32:59 +00:00			`condition: or`
Auto Template Signing [Thu Feb 29 08:16:55 UTC 2024] :robot: 2024-02-29 08:16:55 +00:00			`# digest: 4a0a00473045022100ab4b243e53367496b3662f4bf89922608e1fe7d795cadb204e2e3c677e20e1c7022065e11a8621be3306742a810c72efe5996a402e2a9bf8c66ef1d343e95fdbe58c:922c64590222798bb761d5b6d8e72950`