We have two AnywhereUSB 5M hubs recently installed and scanned by our security team and we were able to re-mediate some issues but a few remain that I am not sure if or how it can be corrected on these hubs. I am looking for any information on if/how the following issues may be corrected:
ISSUE: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.<br><br>TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.<br><br> POSSIBLE RESOLUTION: Configure SSL/TLS to only use TLS 1.1 or TLS 1.2 if supported. Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.
ISSUE: The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. POSSIBLE RESOLUTION: Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
ISSUE: The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. POSSIBLE RESOLUTION: Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.