Hello there,
Our security team did a vulnerability scan on a server running Splunk v6.1.3 and asked us to remediate the CVE-2013-2566 vulnerability. The description they gave us is below:
SSH RC4 Cipher Enabled
DESCRIPTION
The arcfour cipher is considered to be flawed.
SOLUTION
Disable the arcfour cipher.
We checked with the OS vendor and they have given the solution below. The issue is I am not sure where to apply the changes. I have checked files having RC4 but there are many.
- Find the applications which have been configured to use TLS/SSL on the server, and make the suggested changes in the application configuration file as suggested in Workaround 1 or Workaround 2.
o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf
*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4
Can someone please advise on the same?
Thanks
Hemendra
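An added example (not part of the original post, and not Splunk's or the OS vendor's code): a small Python audit that reads OpenSSL-style cipher strings from configuration text and reports whether RC4 is still offered. Run on the two workarounds quoted above, it shows that Workaround 1 leaves RC4 out while Workaround 2 keeps it as the last choice; the `cipherSuite` directive name, the alias set and the sample text are assumptions made for illustration.

```python
import re

# SSLCipherSuite is the directive from the post; cipherSuite is an assumed
# name for an application-level setting that carries the same kind of string.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|cipherSuite)[\s=]+(\S.*)$", re.I)

# Aliases that can pull in RC4 on older OpenSSL builds (assumption: 1.0.x-era
# behaviour). HIGH is deliberately absent: it does not contain RC4 suites.
BROAD = {"ALL", "DEFAULT", "MEDIUM"}

def rc4_status(cipher_string):
    """Return 'enabled', 'possible' or 'absent' for an OpenSSL cipher string."""
    state, killed = "absent", False
    for token in re.split(r"[:,\s]+", cipher_string.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):].upper()
        covers_rc4 = name == "RC4" or name in BROAD
        if op == "!" and covers_rc4:
            killed, state = True, "absent"   # '!' removes permanently
        elif op == "-" and covers_rc4:
            state = "absent"                 # '-' removes, may be re-added later
        elif op == "" and not killed:
            if "RC4" in name:
                state = "enabled"            # named explicitly, e.g. RC4 or RC4-SHA
            elif name in BROAD and state != "enabled":
                state = "possible"           # depends on the OpenSSL build
        # '+' only reorders suites that are already selected, so it adds nothing
    return state

def audit(config_text):
    """List (line number, directive, status) for directives that may offer RC4."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match and not line.lstrip().startswith("#"):
            status = rc4_status(match.group(2))
            if status != "absent":
                findings.append((lineno, match.group(1), status))
    return findings

# Constructed sample: lines 3 and 4 are the two workarounds quoted in the post.
SAMPLE = """# constructed sample, not taken from a real host
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:HIGH:!MD5:!aNULL:!ADH:!LOW:RC4
cipherSuite = ALL:!aNULL:!eNULL
cipherSuite = ALL:!RC4:!aNULL
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A line reported as `possible` needs a check against the OpenSSL build the application actually links to, since the alias contents changed between releases.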
This is already resolved in the latest version of Splunk 6.5.3.