search cancel

udm_manager port 4334 security finding along with certifiacte expiry Message

book

Article ID: 243170

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

 

There are some security findings on udm_manager probe (port 4334)

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
SSL Certificate Expiry
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Certificate with Wrong Hostname
SSL Certificate Cannot Be Trusted
SSL Self-Signed Certificate

Also

The UDM_manager version is 20.41

 

The SSL certificate has already expired :

  Subject          : C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
  Issuer           : C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
  Not valid before : Jan 29 19:36:36 2012 GMT
  Not valid after  : Jan 26 19:36:36 2022 GMT

 

 

 

Environment

Release : 20.3 and 20.4

Component : UIM - UDM

Resolution

Can udm_manager probe use 3rd party certificate instead of the self-signed certificate?

      https://knowledge.broadcom.com/external/article?articleId=231601

 

It is not possible to configure udm_manager to use 3rd party certs .UIM - udm_manager probe vulnerability test, you may refer below

https://knowledge.broadcom.com/external/article?articleId=209130

 
We are going to release new versions of Udm_manager and discovery_server which use an updated cert which is valid till 2031.
 
Tentatively these probes will be included in upcoming UIM 20.40 Server CU3