Hardcoded SSH Host Key Detection

info Nessus Network Monitor Plugin ID 7281

Synopsis

A hardcoded, non-unique SSH host key has been detected.

Description

The remote host is using a hardcoded, non-unique SSH host key. This may allow a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, resulting in sensitive information exposure.

Solution

Where possible, users of affected devices should manually replace SSH host keys so that they are unique to the device.

Plugin Details

Severity: Info

ID: 7281

Version: 1.0

Family: Generic

Published: 8/20/2017

Updated: 8/16/2018

Detections

Analytics