Home/Support/Support Forum/Looking for SSL/TLS and SSH vulnerability fixes for AnywhereUSB/5 MHC
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Looking for SSL/TLS and SSH vulnerability fixes for AnywhereUSB/5 MHC

0 votes
We have two AnywhereUSB 5M hubs recently installed and scanned by our security team and we were able to re-mediate some issues but a few remain that I am not sure if or how it can be corrected on these hubs. I am looking for any information on if/how the following issues may be corrected:

ISSUE: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.<br><br>TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.<br><br> POSSIBLE RESOLUTION: Configure SSL/TLS to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.

ISSUE: The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. POSSIBLE RESOLUTION: Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

ISSUE: The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. POSSIBLE RESOLUTION: Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
asked Oct 23, 2014 in Realport by mr4422 New to the Community (0 points)

Please log in or register to answer this question.

1 Answer

0 votes
Recommend contacting Digi Tech. Support regarding this issue: 1-877-912-3444 or on-line: http://www.digi.com/login?ReturnUrl=%2fsupport%2feservice%2f
answered Oct 27, 2014 by userid0 Veteran of the Digi Community (2,156 points)
...