A cyber security audit identified a number of security vulnerabilities related to the probe port of a probe built using the Perl SDK.
Examples
1. Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
2. SSL Server Has SSLv3 Enabled Vulnerability
3. SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)
4. SSL/TLS use of weak RC4 cipher
5. SSL Certificate - Signature Verification Failed Vulnerability
6. SSL Certificate - Self-Signed Certificate
7. SSL Server May Be Forced to Use Weak Encryption Vulnerability
8. SSL Server Supports Weak Encryption Vulnerability
Release: 20.x or later
Component: UIM - SDK_JAVA
SDK_Perl 5.10
Dev has done a detailed analysis of this and concluded that the behaviour is not specific to the Perl SDK; probes built using the C SDK and similar SDKs behave the same way.
The probe opens a port provided by the robot for callbacks, and the port opened by the probe is not TLS enabled.
When someone tries to connect to the probe with SSL/TLS, the probe refuses the connection; this can be verified in any probe log by the message "SSL - SSL_accept error (1) on new SSL connection".
We also created a simple socket server and observed the same behavior.
Hence the outcome of the analysis is that we can either treat the vulnerabilities as false positives, or apply additional security on the server by restricting the port via whitelisting or blacklisting.
Disabling the port will not impact the behaviour of the probe, as the robot and the probe communicate within host boundaries.
Refreshing the SDK does not help in this case because the port is not TLS enabled: even if someone tries to connect to the port through SSL/TLS, the port will refuse the connection.
To conclude, the vulnerabilities identified are false positives, and the port can be protected by disabling it through the firewall.
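The analysis above rests on one observable fact: the callback port does not speak TLS at all, so a scanner's SSL/TLS cipher findings against it cannot apply. The following added example (not part of this article or of the UIM SDKs) reproduces the "simple socket server" check described above in Python: it starts a constructed plain-TCP listener that answers with a fixed, non-TLS banner, then attempts a real TLS handshake against a port and classifies it as "tls", "plain" or "closed". The banner text, port numbers and function names are assumptions made for the example; run it against any probe port before accepting a TLS-related finding, and expect "plain" for a callback port like the one discussed here.

```python
import socket
import ssl
import threading

# Constructed stand-in for a probe callback port: a plain TCP service that
# speaks no TLS and replies to whatever it receives with a fixed line.
# The banner is invented for this example, not a real probe message.
PLAIN_BANNER = b"callback-port ready\n"


def start_plain_server(host="127.0.0.1"):
    """Start a plain (non-TLS) TCP listener on an ephemeral port.

    Returns (listening_socket, port). Closing the socket stops the server.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed: shut the thread down
            with conn:
                try:
                    # Read whatever arrived (for a scanner this is a TLS
                    # ClientHello) and answer with plain text, just as a
                    # non-TLS port would.
                    conn.recv(4096)
                    conn.sendall(PLAIN_BANNER)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port(host="127.0.0.1"):
    """Return a port number that is currently not listening (for the 'closed' case)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def classify_port(host, port, timeout=3.0):
    """Attempt a TLS handshake against host:port.

    Returns 'tls' if the handshake completes, 'plain' if the peer answers
    with something that is not TLS (the probe callback port case), or
    'closed' if nothing accepts the TCP connection.
    """
    ctx = ssl.create_default_context()
    # Certificate validity is irrelevant here; we only ask "is this TLS?".
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with raw:
        try:
            # wrap_socket performs the handshake immediately; a non-TLS
            # reply (or an early close) surfaces as an SSLError.
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except ssl.SSLError:
            return "plain"
        except (socket.timeout, ConnectionError):
            return "plain"


if __name__ == "__main__":
    srv, port = start_plain_server()
    print("plain listener on port", port, "->", classify_port("127.0.0.1", port))
    srv.close()
    print("closed port ->", classify_port("127.0.0.1", free_port()))
```

A result of "plain" is the condition the analysis describes: the port accepted the TCP connection but did not complete a TLS handshake, which is the client-side view of the "SSL_accept error" seen in the probe log. Only a port that returns "tls" can meaningfully be assessed for SSLv3, RC4, certificate or cipher-strength findings.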