summaryrefslogtreecommitdiffstats
path: root/test/docker/expected_results/openssh_4.0p1_test1.json
diff options
context:
space:
mode:
Diffstat (limited to 'test/docker/expected_results/openssh_4.0p1_test1.json')
-rw-r--r--test/docker/expected_results/openssh_4.0p1_test1.json525
1 files changed, 525 insertions, 0 deletions
diff --git a/test/docker/expected_results/openssh_4.0p1_test1.json b/test/docker/expected_results/openssh_4.0p1_test1.json
new file mode 100644
index 0000000..f5735a9
--- /dev/null
+++ b/test/docker/expected_results/openssh_4.0p1_test1.json
@@ -0,0 +1,525 @@
+{
+ "additional_notes": [
+ ""
+ ],
+ "banner": {
+ "comments": null,
+ "protocol": "1.99",
+ "raw": "SSH-1.99-OpenSSH_4.0",
+ "software": "OpenSSH_4.0"
+ },
+ "compression": [
+ "none",
+ "zlib"
+ ],
+ "cves": [
+ {
+ "cvssv2": 7.8,
+ "description": "command injection via anomalous argument transfers",
+ "name": "CVE-2020-15778"
+ },
+ {
+ "cvssv2": 5.3,
+ "description": "enumerate usernames due to timing discrepancies",
+ "name": "CVE-2018-15473"
+ },
+ {
+ "cvssv2": 5.3,
+ "description": "readonly bypass via sftp",
+ "name": "CVE-2017-15906"
+ },
+ {
+ "cvssv2": 5.3,
+ "description": "enumerate usernames via challenge response",
+ "name": "CVE-2016-20012"
+ },
+ {
+ "cvssv2": 5.5,
+ "description": "bypass command restrictions via crafted X11 forwarding data",
+ "name": "CVE-2016-3115"
+ },
+ {
+ "cvssv2": 7.5,
+ "description": "cause DoS via triggering error condition (memory corruption)",
+ "name": "CVE-2014-1692"
+ },
+ {
+ "cvssv2": 3.5,
+ "description": "leak data via debug messages",
+ "name": "CVE-2012-0814"
+ },
+ {
+ "cvssv2": 3.5,
+ "description": "cause DoS via large value in certain length field (memory consumption)",
+ "name": "CVE-2011-5000"
+ },
+ {
+ "cvssv2": 5.0,
+ "description": "cause DoS via large number of connections (slot exhaustion)",
+ "name": "CVE-2010-5107"
+ },
+ {
+ "cvssv2": 4.0,
+ "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+ "name": "CVE-2010-4755"
+ },
+ {
+ "cvssv2": 7.5,
+ "description": "bypass authentication check via crafted values",
+ "name": "CVE-2010-4478"
+ },
+ {
+ "cvssv2": 2.6,
+ "description": "recover plaintext data from ciphertext",
+ "name": "CVE-2008-5161"
+ },
+ {
+ "cvssv2": 5.0,
+ "description": "cause DoS via multiple login attempts (slot exhaustion)",
+ "name": "CVE-2008-4109"
+ },
+ {
+ "cvssv2": 6.5,
+ "description": "bypass command restrictions via modifying session file",
+ "name": "CVE-2008-1657"
+ },
+ {
+ "cvssv2": 6.9,
+ "description": "hijack forwarded X11 connections",
+ "name": "CVE-2008-1483"
+ },
+ {
+ "cvssv2": 7.5,
+ "description": "privilege escalation via causing an X client to be trusted",
+ "name": "CVE-2007-4752"
+ },
+ {
+ "cvssv2": 5.0,
+ "description": "discover valid usernames through different responses",
+ "name": "CVE-2007-2243"
+ },
+ {
+ "cvssv2": 5.0,
+ "description": "discover valid usernames through different responses",
+ "name": "CVE-2006-5052"
+ },
+ {
+ "cvssv2": 9.3,
+ "description": "cause DoS or execute arbitrary code (double free)",
+ "name": "CVE-2006-5051"
+ },
+ {
+ "cvssv2": 7.8,
+ "description": "cause DoS via crafted packet (CPU consumption)",
+ "name": "CVE-2006-4924"
+ },
+ {
+ "cvssv2": 4.6,
+ "description": "execute arbitrary code",
+ "name": "CVE-2006-0225"
+ },
+ {
+ "cvssv2": 5.0,
+ "description": "leak data about authentication credentials",
+ "name": "CVE-2005-2798"
+ }
+ ],
+ "enc": [
+ {
+ "algorithm": "aes128-cbc",
+ "notes": {
+ "info": [
+ "available since OpenSSH 2.3.0, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using weak cipher mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "3des-cbc",
+ "notes": {
+ "fail": [
+ "using broken & deprecated 3DES cipher"
+ ],
+ "info": [
+ "available since OpenSSH 1.2.2, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using weak cipher mode",
+ "using small 64-bit block size"
+ ]
+ }
+ },
+ {
+ "algorithm": "blowfish-cbc",
+ "notes": {
+ "fail": [
+ "using weak & deprecated Blowfish cipher"
+ ],
+ "info": [
+ "available since OpenSSH 1.2.2, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using weak cipher mode",
+ "using small 64-bit block size"
+ ]
+ }
+ },
+ {
+ "algorithm": "cast128-cbc",
+ "notes": {
+ "fail": [
+ "using weak & deprecated CAST cipher"
+ ],
+ "info": [
+ "available since OpenSSH 2.1.0"
+ ],
+ "warn": [
+ "using weak cipher mode",
+ "using small 64-bit block size"
+ ]
+ }
+ },
+ {
+ "algorithm": "arcfour",
+ "notes": {
+ "fail": [
+ "using broken RC4 cipher"
+ ],
+ "info": [
+ "available since OpenSSH 2.1.0"
+ ]
+ }
+ },
+ {
+ "algorithm": "aes192-cbc",
+ "notes": {
+ "info": [
+ "available since OpenSSH 2.3.0"
+ ],
+ "warn": [
+ "using weak cipher mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "aes256-cbc",
+ "notes": {
+ "info": [
+ "available since OpenSSH 2.3.0, Dropbear SSH 0.47"
+ ],
+ "warn": [
+ "using weak cipher mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "rijndael-cbc@lysator.liu.se",
+ "notes": {
+ "fail": [
+ "using deprecated & non-standardized Rijndael cipher"
+ ],
+ "info": [
+ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0",
+ "available since OpenSSH 2.3.0"
+ ],
+ "warn": [
+ "using weak cipher mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "aes128-ctr",
+ "notes": {
+ "info": [
+ "available since OpenSSH 3.7, Dropbear SSH 0.52"
+ ]
+ }
+ },
+ {
+ "algorithm": "aes192-ctr",
+ "notes": {
+ "info": [
+ "available since OpenSSH 3.7"
+ ]
+ }
+ },
+ {
+ "algorithm": "aes256-ctr",
+ "notes": {
+ "info": [
+ "available since OpenSSH 3.7, Dropbear SSH 0.52"
+ ]
+ }
+ }
+ ],
+ "fingerprints": [
+ {
+ "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4",
+ "hash_alg": "SHA256",
+ "hostkey": "ssh-rsa"
+ },
+ {
+ "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a",
+ "hash_alg": "MD5",
+ "hostkey": "ssh-rsa"
+ }
+ ],
+ "kex": [
+ {
+ "algorithm": "diffie-hellman-group-exchange-sha1",
+ "keysize": 1024,
+ "notes": {
+ "fail": [
+ "using small 1024-bit modulus"
+ ],
+ "info": [
+ "available since OpenSSH 2.3.0"
+ ]
+ }
+ },
+ {
+ "algorithm": "diffie-hellman-group14-sha1",
+ "notes": {
+ "fail": [
+ "using broken SHA-1 hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 3.9, Dropbear SSH 0.53"
+ ],
+ "warn": [
+ "2048-bit modulus only provides 112-bits of symmetric strength"
+ ]
+ }
+ },
+ {
+ "algorithm": "diffie-hellman-group1-sha1",
+ "notes": {
+ "fail": [
+ "using small 1024-bit modulus",
+ "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)",
+ "using broken SHA-1 hash algorithm"
+ ],
+ "info": [
+ "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9",
+ "available since OpenSSH 2.3.0, Dropbear SSH 0.28"
+ ]
+ }
+ }
+ ],
+ "key": [
+ {
+ "algorithm": "ssh-rsa",
+ "keysize": 1024,
+ "notes": {
+ "fail": [
+ "using broken SHA-1 hash algorithm",
+ "using small 1024-bit modulus"
+ ],
+ "info": [
+ "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8",
+ "available since OpenSSH 2.5.0, Dropbear SSH 0.28"
+ ]
+ }
+ },
+ {
+ "algorithm": "ssh-dss",
+ "notes": {
+ "fail": [
+ "using small 1024-bit modulus"
+ ],
+ "info": [
+ "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0",
+ "available since OpenSSH 2.1.0, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using weak random number generator could reveal the key"
+ ]
+ }
+ }
+ ],
+ "mac": [
+ {
+ "algorithm": "hmac-md5",
+ "notes": {
+ "fail": [
+ "using broken MD5 hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.1.0, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "hmac-sha1",
+ "notes": {
+ "fail": [
+ "using broken SHA-1 hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.1.0, Dropbear SSH 0.28"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "hmac-ripemd160",
+ "notes": {
+ "fail": [
+ "using deprecated RIPEMD hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.5.0"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "hmac-ripemd160@openssh.com",
+ "notes": {
+ "fail": [
+ "using deprecated RIPEMD hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.1.0"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "hmac-sha1-96",
+ "notes": {
+ "fail": [
+ "using broken SHA-1 hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.5.0, Dropbear SSH 0.47"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ },
+ {
+ "algorithm": "hmac-md5-96",
+ "notes": {
+ "fail": [
+ "using broken MD5 hash algorithm"
+ ],
+ "info": [
+ "available since OpenSSH 2.5.0"
+ ],
+ "warn": [
+ "using encrypt-and-MAC mode"
+ ]
+ }
+ }
+ ],
+ "recommendations": {
+ "critical": {
+ "del": {
+ "enc": [
+ {
+ "name": "3des-cbc",
+ "notes": ""
+ },
+ {
+ "name": "arcfour",
+ "notes": ""
+ },
+ {
+ "name": "blowfish-cbc",
+ "notes": ""
+ },
+ {
+ "name": "cast128-cbc",
+ "notes": ""
+ },
+ {
+ "name": "rijndael-cbc@lysator.liu.se",
+ "notes": ""
+ }
+ ],
+ "kex": [
+ {
+ "name": "diffie-hellman-group14-sha1",
+ "notes": ""
+ },
+ {
+ "name": "diffie-hellman-group1-sha1",
+ "notes": ""
+ },
+ {
+ "name": "diffie-hellman-group-exchange-sha1",
+ "notes": ""
+ }
+ ],
+ "key": [
+ {
+ "name": "ssh-dss",
+ "notes": ""
+ },
+ {
+ "name": "ssh-rsa",
+ "notes": ""
+ }
+ ],
+ "mac": [
+ {
+ "name": "hmac-md5",
+ "notes": ""
+ },
+ {
+ "name": "hmac-md5-96",
+ "notes": ""
+ },
+ {
+ "name": "hmac-ripemd160",
+ "notes": ""
+ },
+ {
+ "name": "hmac-ripemd160@openssh.com",
+ "notes": ""
+ },
+ {
+ "name": "hmac-sha1",
+ "notes": ""
+ },
+ {
+ "name": "hmac-sha1-96",
+ "notes": ""
+ }
+ ]
+ }
+ },
+ "warning": {
+ "del": {
+ "enc": [
+ {
+ "name": "aes128-cbc",
+ "notes": ""
+ },
+ {
+ "name": "aes192-cbc",
+ "notes": ""
+ },
+ {
+ "name": "aes256-cbc",
+ "notes": ""
+ }
+ ]
+ }
+ }
+ },
+ "target": "localhost:2222"
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-06 23:37:25 +0000