Security Archive

Eliminating Security Vulnerabilities at PORT 22

Issue : A Vulnerability Assessment and Penetration Testing (VAPT) scan reported security findings on port 22 (SSH).

The reported vulnerabilities are :

1. SSH Weak Algorithms Supported.
2. SSH Server CBC Mode Ciphers Enabled.
3. SSH Weak MAC Algorithms Enabled.

Solution : To address these vulnerabilities, log in as root and follow the steps below.

Step 1 : Change to the /etc/ssh directory.

Step 2 : Edit the sshd_config file.

Remove the weak ciphers arcfour256 and arcfour128 from the Ciphers line and save the file.

Step 3 : Re-scan the port; the findings should now be gone.
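As an added example (not part of the original post), here is a small POSIX shell audit that checks the Ciphers and MACs lines of an sshd_config for all three finding classes listed above (arcfour ciphers, CBC-mode ciphers, MD5 or 96-bit MACs) and prints the cleaned-up directive to put back; the sample config it runs on is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: audit the Ciphers and MACs lines
# of an sshd_config for the classes the VAPT findings name (arcfour ciphers,
# CBC-mode ciphers, MD5 / 96-bit MACs) and print the cleaned line to put back.
# POSIX sh + awk only. Pipe in the file, or `sshd -T` for the effective config
# (which also covers the case where no Ciphers/MACs line is present).

# Substrings that mark a weak entry (the classes named in the findings above).
WEAK_RE='^arcfour|-cbc|md5|-96'

# filter_directive KEYWORD MODE   (sshd_config on stdin)
#   MODE=weak   -> the weak entries of the first uncommented KEYWORD line
#   MODE=strong -> that line's value with the weak entries removed
# Comma-separated like the directive itself; empty if KEYWORD is absent.
# Only the first match counts, because sshd uses the first value it finds.
filter_directive() {
  awk -v key="$1" -v mode="$2" -v weak="$WEAK_RE" '
    tolower($1) == tolower(key) && !done {
      n = split($2, list, ","); out = ""
      for (i = 1; i <= n; i++) {
        isweak = (tolower(list[i]) ~ weak)
        if ((mode == "weak" && isweak) || (mode == "strong" && !isweak))
          out = out (out == "" ? "" : ",") list[i]
      }
      print out; done = 1
    }'
}

# audit_config   (sshd_config on stdin) -> one report line per directive, plus
# the suggested replacement line wherever weak entries were found.
audit_config() {
  cfg=$(cat)
  for d in Ciphers MACs; do
    w=$(printf '%s\n' "$cfg" | filter_directive "$d" weak)
    if [ -n "$w" ]; then
      printf 'WEAK %s: %s\n' "$d" "$w"
      printf '  suggested: %s %s\n' "$d" "$(printf '%s\n' "$cfg" | filter_directive "$d" strong)"
    else
      printf 'OK   %s\n' "$d"
    fi
  done
}

# Constructed sample sshd_config (not a real host's file); the commented-out
# Ciphers line is skipped, just as sshd skips it.
SAMPLE='# constructed sample
Port 22
#Ciphers aes256-ctr
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-sha1-96'
printf '%s\n' "$SAMPLE" | audit_config
```

Run it as `sshd -T | audit_config` to check what the daemon actually offers rather than only what the file says, and validate the edited file with `sshd -t` before restarting the service.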


How to prevent CSRF attack

Sometimes, when one application calls another application running on a different server, you get an error window with the message "potential CSRF attack", and the following error message appears in the log files:

<BEA-000000> <A request has been denied as a potential CSRF attack.>

This issue arises because WLS is not able to set the JSESSIONID in the request made to the other server.

To address this issue, add the following to weblogic.xml:



If the issue still persists, also add the following to web.xml:





How to decrypt WebLogic Datasource Password

Copy the encrypted datasource password from the datasource's -jdbc.xml file under \config\jdbc into the password variable of the WLST script.



Change the path variable to point to your domain's security directory (the one containing SerializedSystemIni.dat).

# Modules that provide SerializedSystemIni and ClearOrEncryptedService
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Encrypted value copied from the datasource's -jdbc.xml (note the {AES} prefix)
password = "{AES}0+5YrFk+fD9BFIykr3H+wPsNmPRP/GIOUId7SPqBgNg="
# Directory holding the domain's SerializedSystemIni.dat
path = "D:/Oracle/Middleware/user_projects/domains/pega7_domain/security"
encryptionService = SerializedSystemIni.getEncryptionService(path)
cService = ClearOrEncryptedService(encryptionService)
print "password: " + cService.decrypt(password)

Execute the above script after setting the WebLogic environment:
>java weblogic.WLST

You should see the decrypted password in the terminal.