Nmap scan of H610S reports a vulnerability specific to Diffie-Hellman groups with insufficient key strength

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 456

Visibility:: Public

Votes:: 0

Category:: solidfire-chassis

Specialty:: solidfire

Last Updated:

Applies to

H610S
H610C
Triton
SolidFire
Nmap

Issue

Nmap scan output for the BMC of an H610S report insufficient key strength:

nmap --script ssl-dh-params X.X.X.X Starting Nmap 7.92 ( https://nmap.org ) at 2023-05-17 12:39 MDT Nmap scan report for X.X.X.X Host is up (0.022s latency). Not shown: 995 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https | ssl-dh-params: | VULNERABLE: | Diffie-Hellman Key Exchange Insufficient Group Strength | State: VULNERABLE | Transport Layer Security (TLS) services that use Diffie-Hellman groups | of insufficient strength, especially those using one of a few commonly | shared groups, may be susceptible to passive eavesdropping attacks. | Check results: | WEAK DH GROUP 1 | Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | Modulus Type: Non-safe prime | Modulus Source: RFC5114/1024-bit DSA group with 160-bit prime order subgroup | Modulus Length: 1024 | Generator Length: 1024 | Public Key Length: 1024 | References: |_ https://weakdh.org 5120/tcp open barracuda-bbs 49153/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 15.58 seconds