Security

How to remediate CVE-2013-2566 related to "SSH RC4 Cipher" ?

hemendralodhi
Contributor

Hello there,

Our security team did vulnerability scan on server running Splunk v6.1.3 and asked us to remediate CVE-2013-2566 vulnerability. The description they gave us is below:

SSH RC4 Cipher Enabled
DESCRIPTION
The arcfour cipher is considered to be flawed.
SOLUTION
Disable the arcfour cipher.

We checked with OS Vendor and they have given below solution. The issue is I am not sure where to apply the changes. I have checked files having RC4 but there are many..

-Find the applications which has been configured to use TLS/SSL on server, make the suggested changes in application configuration file as suggested in Workaround 1 or Workaround 2.
o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf

*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5

*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4

Can someone please advise on the same?

Thanks
Hemendra

0 Karma

risgupta_splunk
Splunk Employee
Splunk Employee

This is already resolved in latest version of splunk 6.5.3

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...