CCE-92529-7
Platform: cpe:/o:oracle:linux:7 | Date: (C)2019-11-07 (M)2023-07-04
Limit the ciphers to those algorithms which are FIPS-approved.
Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode.
The following line in '/etc/ssh/sshd_config' demonstrates use of FIPS-approved ciphers:
'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc'
The man page 'sshd_config(5)' contains a list of supported ciphers.
Parameter:
[cipher_list_1/cipher_list_2/cipher_list_3]
Technical Mechanism:
Approved algorithms should impart some level of confidence in their
implementation. These are also required for compliance.
| CCSS Severity | CCSS Metrics |
|---|---|
| CCSS Score: 6.4 | Attack Vector: ADJACENT_NETWORK |
| Exploit Score: 0.5 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: HIGH |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49471 |