Skip to main content
NetApp Knowledge Base

OTV: SSH vulnerabilities within ONTAP tools

Views:
113
Visibility:
Public
Votes:
0
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

Applies to

  • ONTAP tools for VMware vSphere (OTV) 9.12
  • SSH (Secure Shell)

Issue

SSH vulnerabilities highlighted:

  1. Ciphers using CFB or OFB: These are considered uncommon and deprecated due to vulnerabilities when compared to newer cipher chaining modes such as CTR or GCM
  2. RC4 cipher (arcfour, arcfour128, arcfour256): The RC4 cipher is no longer considered secure and exhibits cryptographic bias
  3. Ciphers with a 64-bit block size (DES, 3DES, Blowfish, IDEA, CAST): These ciphers may be vulnerable to birthday attacks (Sweet32)
  4. Key exchange algorithms using DH group 1 (diffie-hellman-group1-sha1, diffie-hellman-group14-sha1,gss-group1-sha1-*): DH group 1 uses a 1024-bit key size, which is considered too short and vulnerable to Logjam-style attacks

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.