Article ID: 201486
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
How to mitigate the SWEET32 and RC4 (CVE-2013-2566) vulnerabilities in PIM R12.8 SP1
Environment
Release : 12.8
Component : CA ControlMinder
Cause
This is a known vulnerability and needs to be fixed.
Resolution
The following issues can be remediated on PIM servers that use JDK 1.8:
TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
TLS Server Supports TLS version 1.0
TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)
Remedy:
Prerequisite: JDK 1.8
1) Navigate to the folder C:\jdk1.8.0\jre\lib\security (or the equivalent folder of your JDK installation).
2) Open java.security.
3) Edit the line that contains "jdk.tls.disabledAlgorithms".
4) Merge these values into the existing ones: "SSLv3, DES, DESede, RC4, MD5withRSA".
5) Restart the ActiveMQ service, JBoss and any applicable web server(s).
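
Steps 3 and 4 as a script, added here as an example and not part of the original article or the product: it merges the step 4 values into the jdk.tls.disabledAlgorithms property of a java.security file's text. It assumes the property may span several lines joined by a trailing backslash, and writes the signature algorithm with its JDK name MD5withRSA. The function name and the sample text are constructed for illustration.

```python
import re

KEY = "jdk.tls.disabledAlgorithms"
# Values from step 4 of the article.
REQUIRED = ["SSLv3", "DES", "DESede", "RC4", "MD5withRSA"]

def merge_disabled_algorithms(text, required=REQUIRED):
    """Return java.security text with `required` merged into KEY.

    Existing entries are kept, including constraints such as
    "DH keySize < 1024". Values already present (exact match) are not
    duplicated. Commented-out lines are left untouched.
    """
    lines = text.splitlines()
    out, i, found = [], 0, False
    pattern = re.compile(r"\s*" + re.escape(KEY) + r"\s*[=:]\s*(.*)$")
    while i < len(lines):
        m = pattern.match(lines[i])
        if not m:
            out.append(lines[i])
            i += 1
            continue
        found = True
        value = m.group(1)
        # A trailing backslash continues the value on the next line.
        while value.endswith("\\") and i + 1 < len(lines):
            i += 1
            value = value[:-1] + lines[i].strip()
        value = value.rstrip("\\")
        entries = [e.strip() for e in value.split(",") if e.strip()]
        for alg in required:
            if alg not in entries:
                entries.append(alg)
        # Rewrite the property as one line so the result is easy to review.
        out.append(KEY + "=" + ", ".join(entries))
        i += 1
    if not found:
        out.append(KEY + "=" + ", ".join(required))
    return "\n".join(out) + "\n"

# Constructed sample, not copied from a real installation.
SAMPLE = (
    "#jdk.tls.disabledAlgorithms=MD5\n"
    "jdk.certpath.disabledAlgorithms=MD2\n"
    "jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 1024, \\\n"
    "    EC keySize < 224\n"
)

if __name__ == "__main__":
    print(merge_disabled_algorithms(SAMPLE), end="")
```

Back up java.security before writing the result, then continue with step 5 so the services pick up the change.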