Customer has deployed in many of their final Windows devices CredSSP as described in Microsoft's CVE-2018-0866.
After doing so and Setting the Encryption Oracle Remediation policy setting "Force Updated Clients" according to , https://support.microsoft.com/ca-es/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018 in several of their Windows systems they are not able to log in to any of these systems and they are receiving errors like the following:
2019-05-22 09:38:54 ERROR - An error occurred in NTLM handshake: com.ca.xsuite.app.rdp3.core.common.libs.org.apache.harmony.security.asn1.ASN1Exception: security.132 com.ca.xsuite.app.rdp3.client.handler.cssp.ClientNTLM [PAM Access Agent-3]
CA PRIVILEGED ACCESS MANAGEMENT, all versions
Please note: you can use the setting "Force Updated Clients" setting in PAM 3.4.x - but instead of adopting our embedded RDP Client.
You can use the new functionality of a RDP Proxy, which we adopt/utilize any local RDP Client on the user's desktop.
Please see the following documentation\video on this: