ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Vulnerability Scan Shows Weak Cipher(s) Supported
Article ID: 173245
Updated On:
Products
Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS
Issue/Introduction
SGOS version such as 6.7.3.8 is being run.
A vulnerability scanner such as Qualys reports Scan Results that includes the following:
SSL/TLS use of weak RC4 cipher port 8084/tcp over SSL
SSL/TLS Server supports TLSv1.0 port 8084/tcp over SSL
TLSv1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.1 WITH RC4 CIPHERS IS SUPPORTED
TLSv1.2 WITH RC4 CIPHERS IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128)
RC4-SHA RSA RSA SHA1 RC4(128)
ECDHE-RSA-RC4-SHA ECDH RSA SHA1 RC4(128)
Resolution
Upgrade to a later version of SGOS such as 6.7.4.1 (General Availability).
Its Release Notes include Security Fix 257344 which addresses the previously mentioned scan findings:
"Improves the security posture of Client Manager service on port 8084 by removing weak ciphers and
TLS versions."
Feedback
Yes
No
Powered by
