- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: M4300 Certificates - 1024 2048 key size vulnerabilities
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
M4300 Certificates - 1024 2048 key size vulnerabilities
Hi all,
Currently running a few Netgear M4300 24 port switches, I have managed to get the certs installed however our vulnerability scanner is picking up a few problems with the key size as follows... and we have this being reported on both switches.
"The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for
one or more sent HTTP cookie."
''The remote SSH Server uses a weak (too small) public key size'
"The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability."
I am looking for some advice on upping the key size to 2048, if so any direction would be greatly appreciated
Switches are currently running 12.0.17.6 firmware
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: M4300 Certificates - 1024 2048 key size vulnerabilities
I am getting the same, looks like we are going to need a firmware upgrade to fix this one.
"The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for
one or more sent HTTP cookie." - this should be enabled when HTTPS is on.
''The remote SSH Server uses a weak (too small) public key size' - this is SSH.
"The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability." - webserver again.