Oracle ZFS Storage Appliance: Nessus (security scan) has detected that ZFSSA is configured to use Arcfour stream cipher

(Doc ID 2349308.1)

Last updated on JANUARY 17, 2018

Applies to:

Oracle ZFS Storage ZS5-4 - Version All Versions and later
Oracle ZFS Storage ZS5-2 - Version All Versions and later
Oracle ZFS Storage ZS4-4 - Version All Versions and later
Oracle ZFS Storage ZS3-4 - Version All Versions and later
Oracle ZFS Storage ZS3-2 - Version All Versions and later
7000 Appliance OS (Fishworks)

Symptoms

Product Name : ZS3-2
Product version : Running 2013.1.6.5

Details of the issue/question:

A vulnerability assessment revealed some security issues on ZFS storage:

 - For SSH services: Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.

Action: Contact the vendor or consult product documentation to remove the weak ciphers.

TSC Analysis

Reference:  https://vulners.com/nessus/SSH_WEAK_ENCRYPTION_ALGORITHMS.NASL

SSH Weak Algorithms Supported
2016-04-04 00:00:00

ID SSH_WEAK_ENCRYPTION_ALGORITHMS.NASL
Type nessus
Reporter Tenable
Modified 2016-12-14 00:00:00

Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream
cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.

NASL Family
Misc.

References : https://tools.ietf.org/html/rfc4253#section-6.

Changes

None.

Cause
