For more details, please see ourCookie Policy.

Fibre Channel (SAN)

New Member
Posts: 1
Registered: ‎07-03-2018

Vulnerabilities found switch sAN

We have found the following vulnerability in our SAN switch. Reviewing the documentation to close this vulnerability:



SSH Weak Algorithms Supported --> Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.


The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256 Port: ssh (22/tcp)



I am still validating some information about it. I have found that a way to deal with this vulnerability is by changing the encryption algorithms from "arcfour, arcfour128, arcfour256" to "aes128-ctr,aes192-ctr,aes256-ctr". However, I still have to confirm this is the best solution for you. As soon as I have validated this information I will let you know.


Any recommendations that I should review?
Do any of you know the procedure of this solution in case it is correct?

Broadcom Moderator
Posts: 120
Registered: ‎04-27-2009

Re: Vulnerabilities found switch sAN



starting with FOS 7.4 you should be able to change the algorithms with the secCryptoCfg CLI. Use the Command Reference Manual for further details.



If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.

Join the Broadcom Support Community

Get quick and easy access to valuable resources across the Broadcom Community Network.