How to remediate CVE-2013-2566 related to "SSH RC4 Cipher" ?


Hello there,

Our security team did vulnerability scan on server running Splunk v6.1.3 and asked us to remediate CVE-2013-2566 vulnerability. The description they gave us is below:

SSH RC4 Cipher Enabled
The arcfour cipher is considered to be flawed.
Disable the arcfour cipher.

We checked with OS Vendor and they have given below solution. The issue is I am not sure where to apply the changes. I have checked files having RC4 but there are many..

-Find the applications which has been configured to use TLS/SSL on server, make the suggested changes in application configuration file as suggested in Workaround 1 or Workaround 2.
o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf

*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5

*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On

Can someone please advise on the same?


0 Karma

Splunk Employee
Splunk Employee

This is already resolved in latest version of splunk 6.5.3

0 Karma