
Liam Somerville

#30815 of 53,638
8.5 CVSS total
Vulnerabilities · 1
PT-2017-16417
8.5
2017-06-06
Rapid7 · Rapid7 Nexpose · CVE-2017-5243
**Name of the Vulnerable Software and Affected Versions**

Rapid7 Nexpose hardware appliances versions prior to June 2017

**Description**

The default SSH configuration does not specify desired algorithms for key exchange and other important functions, allowing all algorithms supported by the relevant version of OpenSSH. This makes the installations vulnerable to man-in-the-middle (MITM), downgrade, and decryption attacks.

**Recommendations**

For Rapid7 Nexpose hardware appliances versions prior to June 2017, consider updating the SSH configuration to specify desired algorithms for key exchange and other important functions to prevent MITM, downgrade, and decryption attacks.