Scanning tool reports a false-positive SSH cipher issue

Symptom

Security vulnerability scanning tools, such as Nessus, report that the SSH server for HPE OneView supports Cipher Block Chaining (CBC) ciphers, allowing an attacker to recover plain text messages from ciphertext.

Cause

HPE OneView SSH server employs adequate protections that are not detected by the scanners.

Action

As the tools scan an issue without complete analysis, the report displays false information. The SSH server has all the required mitigations.

For more information, see the following topics:

Algorithms, cipher suites, and protocols for securing the appliance
Supported algorithms for the remote backup server in HPE OneView
Secure Shell access