ssh-audit/test/docker/expected_results/openssh_8.0p1_test3.json

207 lines
5.7 KiB
JSON
Raw Normal View History

{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",
"raw": "SSH-2.0-OpenSSH_8.0",
"software": "OpenSSH_8.0"
},
"compression": [
"none",
"zlib@openssh.com"
],
"cves": [
{
"cvssv2": 7.0,
"description": "privilege escalation via supplemental groups",
"name": "CVE-2021-41617"
},
{
"cvssv2": 7.8,
"description": "command injection via anomalous argument transfers",
"name": "CVE-2020-15778"
},
{
"cvssv2": 7.8,
"description": "memory corruption and local code execution via pre-authentication integer overflow",
"name": "CVE-2019-16905"
},
{
"cvssv2": 5.3,
"description": "enumerate usernames via challenge response",
"name": "CVE-2016-20012"
}
],
"enc": [
{
"algorithm": "chacha20-poly1305@openssh.com",
"notes": {
"info": [
"default cipher since OpenSSH 6.9",
"available since OpenSSH 6.5, Dropbear SSH 2020.79"
],
"warn": [
"vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation"
]
}
},
{
"algorithm": "aes256-gcm@openssh.com",
"notes": {
"info": [
"available since OpenSSH 6.2"
]
}
},
{
"algorithm": "aes128-gcm@openssh.com",
"notes": {
"info": [
"available since OpenSSH 6.2"
]
}
},
{
"algorithm": "aes256-ctr",
"notes": {
"info": [
"available since OpenSSH 3.7, Dropbear SSH 0.52"
]
}
},
{
"algorithm": "aes192-ctr",
"notes": {
"info": [
"available since OpenSSH 3.7"
]
}
},
{
"algorithm": "aes128-ctr",
"notes": {
"info": [
"available since OpenSSH 3.7, Dropbear SSH 0.52"
]
}
}
],
"fingerprints": [
{
"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU",
"hash_alg": "SHA256",
"hostkey": "ssh-ed25519"
},
{
"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9",
"hash_alg": "MD5",
"hostkey": "ssh-ed25519"
}
],
"kex": [
{
"algorithm": "curve25519-sha256",
"notes": {
"info": [
"default key exchange from OpenSSH 7.4 to 8.9",
"available since OpenSSH 7.4, Dropbear SSH 2018.76"
]
}
},
{
"algorithm": "curve25519-sha256@libssh.org",
"notes": {
"info": [
"default key exchange from OpenSSH 6.5 to 7.3",
"available since OpenSSH 6.4, Dropbear SSH 2013.62"
]
}
},
{
"algorithm": "diffie-hellman-group-exchange-sha256",
"keysize": 4096,
"notes": {
"info": [
"OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 4096. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).",
"available since OpenSSH 4.4"
]
}
}
],
"key": [
{
"algorithm": "ssh-ed25519",
"notes": {
"info": [
"available since OpenSSH 6.5, Dropbear SSH 2020.79"
]
}
}
],
"mac": [
{
"algorithm": "hmac-sha2-256-etm@openssh.com",
"notes": {
"info": [
"available since OpenSSH 6.2"
]
}
},
{
"algorithm": "hmac-sha2-512-etm@openssh.com",
"notes": {
"info": [
"available since OpenSSH 6.2"
]
}
},
{
"algorithm": "umac-128-etm@openssh.com",
"notes": {
"info": [
"available since OpenSSH 6.2"
]
}
}
],
"recommendations": {
"informational": {
"add": {
"kex": [
{
"name": "diffie-hellman-group16-sha512",
"notes": ""
},
{
"name": "diffie-hellman-group18-sha512",
"notes": ""
}
],
"key": [
{
"name": "rsa-sha2-256",
"notes": ""
},
{
"name": "rsa-sha2-512",
"notes": ""
}
]
}
},
"warning": {
"del": {
"enc": [
{
"name": "chacha20-poly1305@openssh.com",
"notes": ""
}
]
}
}
},
"target": "localhost:2222"
}