search cancel

Is Identity Manager impacted by CVE-2017-8563

book

Article ID: 188750

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Microsoft has released a patch (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4541509) to protect against vulnerability CVE-2017-8563.  Does this patch impact CA Identity Manager (Symantec IGA)  functionality?

 

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

We have reviewed the Microsoft Document (https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows) and its hardening response to CVE-2017-8563.  The patch is designed to provide hardening to Ldaps.  Employing the fix allows administrators to enforce secured signing (encryption) for LDAP bindings using SSL (Secure Socket Layers).  This will ensure that any non-secure Ldap requests are rejected either over port 389 (using SASL) or 636 (Ldap over SSL) where no valid certificate exists.  

The patch does not impact CA Identity Manager Provisioning if SSL has been enabled at the Endpoint.