id: dropbear-weakmac info: name: Dropbear Weak MAC Algorithms Enabled author: pussycat0x severity: low description: | The mac-alg command specifies which MAC algorithms in the SSH client profile for SSH encryption negotiation with an SFTP server when the DataPower Gateway acts as an SFTP client. remediation: | Disable MD5 and 96-bit MAC algorithms. reference: | https://www.virtuesecurity.com/kb/ssh-weak-mac-algorithms-enabled metadata: verified: true shodan-query: 'product:"Dropbear sshd"' tags: network,ssh,dropbear,misconfig network: - inputs: - data: "\n" host: - "{{Hostname}}" - "{{Host}}:22" matchers-condition: and matchers: - type: word words: - "hmac-md5" - "hmac-sha1" condition: or - type: word words: - "SSH-"