ldap_response probe ssl vulnerability

Article ID: 223524

Products

DX Infrastructure Management

Issue/Introduction

We are running the ldap_response probe and receiving SSL vulnerabilities on it. I have added a certificate and the vulnerability still exists. I need some fresh eyes to see what I am doing wrong.

Cause

This is caused by the OS still having old ciphers enabled.

Environment

Release : 20.3

Component : UIM LDAP RESPONSE

Resolution

Development will not be fixing this as it is not a UIM issue. It has to do with the OS the robot is on.

Development has recommended disabling SSL 2.0 and 3.0 (on all the robots where the probe is deployed), and using TLS 1.2 (with better cipher suites).

For disabling weak versions of SSL/TLS you can refer to https://www.youtube.com/watch?v=dprhwDAeHIo
Windows Search: regedit.exe > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > SecurityProviders > SCHANNEL > Protocols
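
The same registry location can be audited and set from an elevated PowerShell prompt instead of regedit. The script below is an added example, not code from the article or from the product; it assumes the standard Schannel DWORD value names `Enabled` and `DisabledByDefault` under each protocol's `Client` and `Server` subkeys, which the article does not spell out, and the `-Apply` switch is a name chosen for this example.

```powershell
# Added example: audit (default) or set (-Apply) the SCHANNEL protocol keys on a robot host.
# Assumption: Enabled / DisabledByDefault are the standard Schannel DWORD value names;
# they are not listed in the article itself.
param([switch]$Apply)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state per the resolution: SSL 2.0 and SSL 3.0 off, TLS 1.2 on.
$desired = [ordered]@{
    'SSL 2.0' = @{ Enabled = 0; DisabledByDefault = 1 }
    'SSL 3.0' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.2' = @{ Enabled = 1; DisabledByDefault = 0 }
}

$report = foreach ($proto in $desired.Keys) {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base "$proto\$role"
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $want = $desired[$proto][$name]
            # A missing key or value means the OS default applies; $have stays $null.
            $have = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            # Treat any nonzero DWORD as 1 (some tools write 0xFFFFFFFF for "on").
            if ($null -ne $have) { $have = [int][bool]$have }
            if ($Apply -and $have -ne $want) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name $name -Value $want `
                    -PropertyType DWord -Force | Out-Null
                $have = $want
            }
            [pscustomobject]@{
                Protocol = $proto; Role = $role; Value = $name
                Current  = if ($null -eq $have) { '(not set)' } else { $have }
                Wanted   = $want
                OK       = ($have -eq $want)
            }
        }
    }
}

$report | Format-Table -AutoSize
if ($report.OK -contains $false) {
    Write-Warning 'Some SCHANNEL values differ from the desired state; rerun with -Apply.'
}
```

Run it without arguments first to see the current state on each robot, then with `-Apply`; restart the host afterwards so Schannel picks up the new values.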