NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
M4300 Certificates - 1024 2048 key size vulnerabilities
Hi all,
Currently running a few Netgear M4300 24 port switches, I have managed to get the certs installed however our vulnerability scanner is picking up a few problems with the key size as follows... and we have this being reported on both switches.
"The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for
one or more sent HTTP cookie."
''The remote SSH Server uses a weak (too small) public key size'
"The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability."
I am looking for some advice on upping the key size to 2048, if so any direction would be greatly appreciated
Switches are currently running 12.0.17.6 firmware
Thank you,
1 Reply
I am getting the same, looks like we are going to need a firmware upgrade to fix this one.
"The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for
one or more sent HTTP cookie." - this should be enabled when HTTPS is on.''The remote SSH Server uses a weak (too small) public key size' - this is SSH.
"The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability." - webserver again.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
