BSA-2021-1291

Brocade Fabric OS

21319

10 May 2021

08 February 2021

Closed

Medium

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - 5.9

Yes

CVE-2020-15387

Summary

Security Advisory ID : BSA-2021-1291

Component : SSH

Revision : 2.0: Final

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

Note: New Standard for SSL Certificates. Industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST have a key length of at least 2048 bits.

Affected Products

A security update is provided in Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Workaround

Brocade Fabric OS

From the CLI, perform the following:

Delete the existing 1024-bit RSA and DSA keys using the commands:
# sshutil delhostkey -dsa    (deletes the 1024-bit DSA key)
# sshutil delhostkey -rsa    (deletes the 1024-bit RSA key)

Manually create the key:
# sshutil genhostkey -rsa

Verify the newly created key:
# sshutil showhostkey
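An external check to complement `sshutil showhostkey`, as an added example that is not part of Broadcom's advisory: it parses host key lines in the `host key-type base64` form that `ssh-keyscan` prints and flags RSA keys under 2048 bits and any DSA key. The host names and key values are constructed for the sample; the integers only have the right size and are not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum key length named in the advisory

def _fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def audit_host_key(line):
    """Return (host, key_type, bits, ok); ok is None for types not checked."""
    host, key_type, b64 = line.split()[:3]
    fields = _fields(base64.b64decode(b64, validate=True))
    if len(fields) < 3 or fields[0].decode() != key_type:
        raise ValueError("malformed or mislabelled key blob")
    if key_type == "ssh-rsa":  # fields: name, exponent e, modulus n
        bits = int.from_bytes(fields[2], "big").bit_length()
        return host, key_type, bits, bits >= MIN_RSA_BITS
    if key_type == "ssh-dss":  # fields: name, p, q, g, y
        bits = int.from_bytes(fields[1], "big").bit_length()
        return host, key_type, bits, False  # the workaround deletes the DSA key
    return host, key_type, None, None

def _mpint(v):
    """Encode a positive integer as an SSH mpint (leading zero if high bit set)."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def sample_line(host, key_type, *ints):
    """Build a constructed ssh-keyscan style line; integers are not real keys."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + b"".join(_mpint(i) for i in ints)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"

# Constructed sample input (hypothetical hosts, size-only integers).
SAMPLE = [
    sample_line("switch-a.example", "ssh-rsa", 65537, (1 << 1023) | 1),
    sample_line("switch-b.example", "ssh-rsa", 65537, (1 << 2047) | 1),
    sample_line("switch-c.example", "ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_host_key(entry))
```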

Revision History

Version   Change                  Date
1.0       Initial Publication     Feb 8, 2021
2.0       Added Brocade SANnav    May 10, 2021