commit
aa60568b4b
|
@ -1,33 +0,0 @@
|
||||||
id: dropbear-cbc-ciphers
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Dropbear sshd CBC Mode Ciphers Detection
|
|
||||||
author: pussycat0x
|
|
||||||
severity: low
|
|
||||||
description: |
|
|
||||||
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
|
|
||||||
reference: |
|
|
||||||
https://www.tenable.com/plugins/nessus/70658
|
|
||||||
remediation: |
|
|
||||||
Disable CBC Ciphers.
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
shodan-query: product:"Dropbear sshd"
|
|
||||||
verified: true
|
|
||||||
tags: network,ssh,dropbear,detect
|
|
||||||
|
|
||||||
tcp:
|
|
||||||
- inputs:
|
|
||||||
- data: "\n"
|
|
||||||
|
|
||||||
host:
|
|
||||||
- "{{Hostname}}"
|
|
||||||
port: 22
|
|
||||||
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "cbc"
|
|
||||||
- "SSH-"
|
|
||||||
condition: and
|
|
||||||
# digest: 4a0a00473045022002fae16b256b4653ad2b98f85511cd26f00c12b388af06a773784c5a84485c17022100e96053936cf02101d8c3295bc5c5797df04c9fc0e666e5fda59f09208ff75826:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,33 +0,0 @@
|
||||||
id: dropbear-weakalgo
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Dropbear sshd Weak Key Exchange Algorithms Enabled
|
|
||||||
author: pussycat0x
|
|
||||||
severity: low
|
|
||||||
description: |
|
|
||||||
The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable.
|
|
||||||
reference: |
|
|
||||||
https://www.virtuesecurity.com/kb/ssh-weak-key-exchange-algorithms-enabled
|
|
||||||
remediation: |
|
|
||||||
Disable the weak algorithms.
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
shodan-query: product:"Dropbear sshd"
|
|
||||||
verified: true
|
|
||||||
tags: network,ssh,dropbear,misconfig
|
|
||||||
|
|
||||||
tcp:
|
|
||||||
- inputs:
|
|
||||||
- data: "\n"
|
|
||||||
|
|
||||||
host:
|
|
||||||
- "{{Hostname}}"
|
|
||||||
port: 22
|
|
||||||
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "diffie-hellman-group-exchange-sha1"
|
|
||||||
- "diffie-hellman-group1-sha1"
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100c67a648de03e7a12d40987111db58dbe3c171939915e2f6c252204426551ad18022008ace27d961d279e82a266d8528612dd10fda1a23346679b3063892ba540ef48:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,38 +0,0 @@
|
||||||
id: dropbear-weakmac
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Dropbear Weak MAC Algorithms Enabled
|
|
||||||
author: pussycat0x
|
|
||||||
severity: low
|
|
||||||
description: |
|
|
||||||
The mac-alg command specifies which MAC algorithms in the SSH client profile for SSH encryption negotiation with an SFTP server when the DataPower Gateway acts as an SFTP client.
|
|
||||||
reference: |
|
|
||||||
https://www.virtuesecurity.com/kb/ssh-weak-mac-algorithms-enabled
|
|
||||||
remediation: |
|
|
||||||
Disable MD5 and 96-bit MAC algorithms.
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
shodan-query: product:"Dropbear sshd"
|
|
||||||
verified: true
|
|
||||||
tags: network,ssh,dropbear,misconfig
|
|
||||||
|
|
||||||
tcp:
|
|
||||||
- inputs:
|
|
||||||
- data: "\n"
|
|
||||||
|
|
||||||
host:
|
|
||||||
- "{{Hostname}}"
|
|
||||||
port: 22
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "hmac-md5"
|
|
||||||
- "hmac-sha1"
|
|
||||||
condition: or
|
|
||||||
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "SSH-"
|
|
||||||
# digest: 4a0a0047304502201e312e2112fd02be44c3d23cd1171be0f3e848d31cb26cebf4fef752f3cd645a022100ec6214b3268a8c3179da31e03e230be9b84a0750e5ce1bf134e50d2dc5e9fe2d:922c64590222798bb761d5b6d8e72950
|
|
Loading…
Reference in New Issue