cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSH Weak Algorithms Supported

sagar_dalvi
Participant

Hi,

 

While scanning Dynatrace ActiveGate for VAPT vulnerabilities "SSH Weak Algorithms Supported" this point is highlighted by concern team. 

Vulnerability Description: Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.

So we're seeking inputs from Dynatrace team this kind of algorithm using in product or not, if we're using this algorithm in product, So please provide solution to resolve this vulnerability issue as soon as possible.

 

Regards

Sagar Dalvi

 

 

3 REPLIES 3

ChadTurner
Guru

@sagar_dalvi I would recommend raising this concern to Dynatrace support so the vulnerability can be reviewed and addressed. 

-Chad

Julius_Loman
Leader

Dynatrace does not include any SSH service in its platform. If your scanner really reports SSH Weak Algorithms Supported(not SSL), then it's up to you to upgrade the underlying operating system where your ActiveGate is running.

TEMPEST a.s., Slovakia, Dynatrace Master Partner

Thank you for the clarity @Julius_Loman 

-Chad