CVE-2013-2566 - Sweet 32

Article ID: 201486

Products

CA Virtual Privilege Manager

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

How to mitigate the Sweet 32 / CVE-2013-2566 vulnerability in PIM R12.8 SP1

Cause

This is a known vulnerability and needs to be fixed.

Environment

Release: 12.8

Component: CA ControlMinder

Resolution

The following issues can be remediated on PIM servers that use JDK 1.8:

TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

TLS Server Supports TLS version 1.0

TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)

Remedy:

Prerequisite: JDK 1.8

1) Navigate to the folder C:\jdk1.8.0\jre\lib\security (or the equivalent path in your JDK installation)

2) Open java.security

3) Edit the line that contains "jdk.tls.disabledAlgorithms"

4) Merge these values into the existing ones: "SSLv3, DES, DESede, RC4, MD5withRSA"

5) Restart the ActiveMQ service, JBoss and the Web Server(s), as applicable.
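
Steps 3 and 4 can be scripted so that existing entries are preserved. The following is an added example, not part of the original article or of the product's tooling: it merges the step 4 values into the active jdk.tls.disabledAlgorithms entry of a java.security file, handling backslash-continued lines and skipping commented-out copies. The function name and the sample file contents are constructed for illustration.

```python
import re

KEY = "jdk.tls.disabledAlgorithms"
# Step 4 values; MD5withRSA is the standard JDK signature algorithm name.
REQUIRED = ["SSLv3", "DES", "DESede", "RC4", "MD5withRSA"]

# Constructed sample, not a real java.security file.
SAMPLE = (
    "#jdk.tls.disabledAlgorithms=MD5\n"
    "jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 1024, \\\n"
    "    EC keySize < 224\n"
    "jdk.tls.legacyAlgorithms=K_NULL\n"
)


def merge_disabled_algorithms(text, required=REQUIRED):
    """Return (new_text, added) with `required` merged into the property."""
    lines = text.splitlines()
    # Find the active property; commented-out copies do not match.
    for start, line in enumerate(lines):
        if re.match(r"\s*" + re.escape(KEY) + r"\s*[=:]", line):
            break
    else:
        raise ValueError(KEY + " is not set in this file")

    # A trailing backslash continues the value on the next physical line.
    end = start
    while lines[end].rstrip().endswith("\\") and end + 1 < len(lines):
        end += 1
    logical = " ".join(
        l.rstrip().rstrip("\\").strip() for l in lines[start:end + 1]
    )
    value = re.split(r"[=:]", logical, maxsplit=1)[1]

    # Entries are comma separated; constraints such as "DH keySize < 1024"
    # stay whole. Compare case-insensitively so nothing is duplicated.
    entries = [e.strip() for e in value.split(",") if e.strip()]
    present = {e.lower() for e in entries}
    added = [r for r in required if r.lower() not in present]

    lines[start:end + 1] = [KEY + "=" + ", ".join(entries + added)]
    return "\n".join(lines) + "\n", added


if __name__ == "__main__":
    new_text, added = merge_disabled_algorithms(SAMPLE)
    print("added:", added)
    print(new_text, end="")
```

Keep a backup of java.security before writing the merged text back, and perform the restarts from step 5 afterwards so the services reload the file.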