thomasmitchell
commented
3 years ago SHIELD 8.0.11 is 3 years old. Newer versions of SHIELD have since updated the SSH library to not use arcfour ciphers. You'll need to upgrade to at least 8.5.0 to pick up that fix.
Hi Team, We are using bosh version 270.5.0 , stemcell bosh-aws-xen-hvm-ubuntu-xenial-go_agent/456.27 and shield 8.0.11 on stemcell bosh-aws-xen-hvm-ubuntu-xenial-go_agent/621.5. We recently discovered a vulnerability in our environment pen-test as "SSH Weak Algorithms Supported" in our bosh and shield deployment for port 5444. Description: We have detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys. The following weak server-to-client and client-to-server encryption algorithms are supported: arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported: arcfour128 arcfour256
Can you please let us know how this vulnerability can be removed? Please suggest.