CA Identity Suite 14.2 Virtual Appliance, Vulnerabilty Assessment SSH

Document ID : KB000108019
Last Modified Date : 26/07/2018
Show Technical Document Details
Introduction:
If runs a vulnerabilty scan in Identity Suite Virtual Appliance 14.2 with Cumulative Patch CP-OS-140200-20180611, and identified an misconfiguration vulnerability in SSH protocol

We will need remove the following ciphers: - arcfour - arcfour128 - arcfour256.

However Virtual Appliance is blinded and it's not allowed to do this action.

The vulnerability report of Nessus is  "90317 (1) - SSH Weak Algorithms Supported" 
Environment:
CA Identity Suite 14.2 Virtual Appliance plus the last OS patch CP-OS-140200-20180611.
Nessus tool to run scan over the CA Identity Suite Virtual Appliance.
Instructions:
Please, open a CA Support case and ask to provide you the hot-fix  HF-DE371990-20180627-0001.tar.gpg to resolve the vulnerability "90317 (1) - SSH Weak Algorithms Supported" 

Make sure have the last OS patch already installed before apply this patch CP-OS-140200-20180611. If last OS patch is not this anymore, contact CA Support to check the last one or access the release notes of CA Identity Suite 14.2 in this link:

https://docops.ca.com/ca-identity-suite/14-2/en/release-notes