SECE/4/INSECURE_ENCRYPT_ALGORITHM: OID [OID] Insecure encryption algorithms exist on the device.
An algorithm with low security is configured on the device.
| Alarm ID | Alarm Severity | Alarm Type |
|---|---|---|
1.3.6.1.4.1.2011.5.25.165.2.2.13.1 |
Warning |
qualityOfServiceAlarm(3) |
An algorithm with low security is configured on the device, which poses security risks.
Existing Configuration (Low-Security Algorithm) |
Recommended Configuration (High-Security Algorithm) |
|---|---|
ah authentication-algorithm { md5 | sha1 } |
ah authentication-algorithm sha2-256 |
algorithm sha-1 |
algorithm { hmac-sha-256 | sha-256 } |
dh { group1 | group2 | group5 } |
dh { group14 | group19 | group20 | group21 } |
esp authentication-algorithm { md5 | sha1 } |
esp authentication-algorithm sha2-256 |
esp encryption-algorithm des |
esp encryption-algorithm aes [ 128 | 192 | 256 ] |
enrollment-request signature message-digest-method sha1 |
enrollment-requestsignaturemessage-digest-method { sha-256 | sha-384 | sha-512 } |
pfs { dh-group1 | dh-group2 | dh-group5 } |
pfs { dh-group14 | dh-group19 | dh-group20 | dh-group21 } |
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name authentication-mode sha [ [ localized-configuration ] cipher password ] |
snmp-agent [ remote-engineid engineid ] usm-user v3 user-name authentication-mode sha-256 [ [ localized-configuration ] cipher password ] |
tcp-algorithm-id sha-1algorithm-id |
tcp-algorithm-id { hmac-sha-256 | sha-256 } algorithm-id |
sshd server cipher { aes128-cbc | aes192-cbc | aes256-cbc } * sshd server hmac { hmac-md5 | hmac-md5-etm@openssh.com } sshd server hostkey hostkey sshd server key-exchange { ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | diffie-hellman-group1-sha1 } * |
You are advised to use more secure algorithms when a third-party controller establish a NETCONF session with this device. |