test/docker/expected_results/openssh_5.6p1_test3.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

[0;36m# general[0m
[0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
[0;32m(gen) software: OpenSSH 5.6[0m
[0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m

[0;36m# security[0m
[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m

[0;36m# key exchange algorithms[0m
[0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
[0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                    `- [info] available since OpenSSH 2.3.0
[0;31m(kex) diffie-hellman-group14-sha1           -- [fail] using broken SHA-1 hash algorithm[0m
[0;33m                                            `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
[0;31m(kex) diffie-hellman-group1-sha1            -- [fail] using small 1024-bit modulus[0m
[0;31m                                            `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)[0m
[0;31m                                            `- [fail] using broken SHA-1 hash algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
                                            `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9

[0;36m# host-key algorithms[0m
[0;31m(key) ssh-rsa (1024-bit)                    -- [fail] using broken SHA-1 hash algorithm[0m
[0;31m                                            `- [fail] using small 1024-bit modulus[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
                                            `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
[0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit RSA CA) -- [fail] using broken SHA-1 hash algorithm[0m
[0;31m                                                                   `- [fail] using small 1024-bit hostkey modulus[0m
                                                                   `- [info] available since OpenSSH 5.6
                                                                   `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8

[0;36m# encryption algorithms (ciphers)[0m
[0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
[0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
[0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
[0;31m(enc) arcfour256                            -- [fail] using broken RC4 cipher[0m
                                            `- [info] available since OpenSSH 4.2
[0;31m(enc) arcfour128                            -- [fail] using broken RC4 cipher[0m
                                            `- [info] available since OpenSSH 4.2
[0;33m(enc) aes128-cbc                            -- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
[0;31m(enc) 3des-cbc                              -- [fail] using broken & deprecated 3DES cipher[0m
[0;33m                                            `- [warn] using weak cipher mode[0m
[0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
[0;31m(enc) blowfish-cbc                          -- [fail] using weak & deprecated Blowfish cipher[0m
[0;33m                                            `- [warn] using weak cipher mode[0m
[0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
[0;31m(enc) cast128-cbc                           -- [fail] using weak & deprecated CAST cipher[0m
[0;33m                                            `- [warn] using weak cipher mode[0m
[0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
[0;33m(enc) aes192-cbc                            -- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
[0;33m(enc) aes256-cbc                            -- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
[0;31m(enc) arcfour                               -- [fail] using broken RC4 cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
[0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] using deprecated & non-standardized Rijndael cipher[0m
[0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
                                            `- [info] disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0

[0;36m# message authentication code algorithms[0m
[0;31m(mac) hmac-md5                              -- [fail] using broken MD5 hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
[0;31m(mac) hmac-sha1                             -- [fail] using broken SHA-1 hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
[0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
[0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
[0;31m(mac) hmac-ripemd160                        -- [fail] using deprecated RIPEMD hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
[0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] using deprecated RIPEMD hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
[0;31m(mac) hmac-sha1-96                          -- [fail] using broken SHA-1 hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
[0;31m(mac) hmac-md5-96                           -- [fail] using broken MD5 hash algorithm[0m
[0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0

[0;36m# fingerprints[0m
[0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m

[0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
[0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger) [0m
[0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
[0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
[0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
[0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
[0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
[0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
[0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
[0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
[0;31m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
[0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
[0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
[0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
[0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
[0;31m(rec) -hmac-sha1                            -- mac algorithm to remove [0m
[0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
[0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
[0;31m(rec) -ssh-rsa                              -- key algorithm to remove [0m
[0;31m(rec) -ssh-rsa-cert-v01@openssh.com         -- key algorithm to remove [0m
[0;33m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
[0;33m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
[0;33m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
[0;33m(rec) -umac-64@openssh.com                  -- mac algorithm to remove [0m

[0;36m# additional info[0m
[0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m