KB28001 - Security scanning software flagged an OpenSSH J-PAKE Session Key Retrieval Vulnerability on the PCS

Information

 
Last Modified Date: 8/3/2015 12:01 AM
Synopsis

The J-PAKE vulnerability is usually identified as being related to CVE-2010-4478. The alert is raised by security scanning software. The PCS does not include the J-PAKE module in its OpenSSH deployment and is therefore not affected. This is a false positive and does not affect performance.

Problem or Goal

Security scanning software flagged an OpenSSH J-PAKE Session Key Retrieval Vulnerability on the PCS

Cause

The PCS series runs a version of OpenSSH that is older than 5.6. Some security scanners detect this version and flag a security risk based on CVE-2010-4478.

Solution

The alert regarding the OpenSSH J-PAKE vulnerability is a false positive. Although the OpenSSH version the PCS uses is among the versions the vulnerability covers, the PCS does not include the J-PAKE module in its OpenSSH deployment and is therefore not affected.
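
The following triage helper is an added example, not code from this article or from the PCS vendor. It shows why a banner-only check produces this finding and how the auth methods the server advertises can be recorded as supporting evidence. The method name `jpake-01@openssh.com` (from upstream OpenSSH's experimental J-PAKE code) is an assumption, and the sample banner and `ssh -v` lines are constructed.

```python
import re

# Threshold as stated on this page: scanners flag OpenSSH older than 5.6.
FLAGGED_BELOW = (5, 6)
# Assumption: auth method name used by upstream OpenSSH's experimental J-PAKE code.
JPAKE_METHOD = "jpake-01@openssh.com"

BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)")
AUTH_RE = re.compile(r"Authentications that can continue:\s*(\S+)")


def banner_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def advertised_methods(ssh_verbose_output):
    """Collect every auth method the server offered in `ssh -v` output."""
    methods = set()
    for line in ssh_verbose_output.splitlines():
        m = AUTH_RE.search(line)
        if m:
            methods.update(x for x in m.group(1).split(",") if x)
    return methods


def triage(banner, ssh_verbose_output):
    """Classify a scanner finding for CVE-2010-4478."""
    version = banner_version(banner)
    if version is None:
        return "unknown: banner is not OpenSSH"
    if version >= FLAGGED_BELOW:
        return "not flagged: version outside scanner range"
    methods = advertised_methods(ssh_verbose_output)
    if not methods:
        return "inconclusive: no auth method list captured"
    if JPAKE_METHOD in methods:
        return "investigate: J-PAKE method advertised"
    return "likely false positive: version flagged, J-PAKE not advertised"


# Constructed sample input, not captured from a real PCS device.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_5.3"
SAMPLE_LOG = """debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: Authentications that can continue: publickey,password
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_LOG))
```

The advertised list only reflects methods that are enabled, so treat the result as supporting evidence alongside the statement above that the J-PAKE module is not part of the PCS build.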

Created By: Data Deployment
