Weak Ciphers used in Process Automation Base


Article ID: 260163


Updated On:


CA Process Automation Base


Running PAM 04.3.05 CP06; penetration testing reported the following.

Main issue:
Weak Cipher Suites - ROBOT Attack: Vulnerable cipher suites are supported by the server

Proposed Solution:
It is also recommended to fully deprecate RSA encryption-based key exchanges in TLS because they do not provide Forward Secrecy.

Port:  443
CWE:  203


Release : 4.3

CA Process Automation


The pam.ssl.transport.enableCipherSuites and pam.ssl.transport.disableCipherSuites configuration parameters can be used to enable and disable cipher suites as per customer requirements.

Additional Information

Documentation is available at the path below:

The above also applies to:

Main issue:
Weak Ciphers are detected: Not all cipher suites support Perfect Forward Secrecy

Proposed Solution:
Support PFS by using cipher suites with ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) and DHE (Diffie-Hellman Ephemeral) key exchanges.

Port:  443
CWE:  327
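
Added example (not part of the original article or the product): a Python helper that sorts cipher suite names by key exchange, covering both findings above (RSA key exchange flagged for ROBOT, and suites without Perfect Forward Secrecy). The suite list is constructed sample data, and the comma-separated key=value layout of the two parameters is an assumption; check the product documentation for the exact syntax.

```python
import re

# Key-exchange tokens in IANA/JSSE suite names that provide forward secrecy.
EPHEMERAL_KX = {"ECDHE", "DHE"}
# TLS 1.3 names carry no key exchange; TLS 1.3 always uses ephemeral (EC)DHE.
TLS13_NAME = re.compile(r"^TLS_(AES|CHACHA20)_")

def key_exchange(suite):
    """Return the key-exchange token of a suite name, or 'UNKNOWN'."""
    if TLS13_NAME.match(suite):
        return "TLS1.3"
    m = re.match(r"^(?:TLS|SSL)_(.+?)_WITH_", suite)
    if not m:
        return "UNKNOWN"
    # In "ECDHE_RSA" the first token is the key exchange; RSA there is
    # only the certificate/authentication algorithm.
    return m.group(1).split("_")[0]

def classify(suites):
    """Split suites into forward-secret, RSA key exchange, and the rest."""
    out = {"pfs": [], "rsa_kx": [], "other": []}
    for s in suites:
        kx = key_exchange(s)
        if kx == "TLS1.3" or kx in EPHEMERAL_KX:
            out["pfs"].append(s)
        elif kx == "RSA":
            out["rsa_kx"].append(s)   # RSA encryption key exchange, no PFS
        else:
            out["other"].append(s)    # static DH/ECDH, PSK, unrecognised
    return out

def property_lines(suites):
    """Build the two parameter lines (value layout is an assumption)."""
    c = classify(suites)
    return [
        "pam.ssl.transport.enableCipherSuites=" + ",".join(c["pfs"]),
        "pam.ssl.transport.disableCipherSuites="
        + ",".join(c["rsa_kx"] + c["other"]),
    ]

# Constructed sample: suites a scan might list for port 443.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    print("\n".join(property_lines(SAMPLE)))
```

Suites that land in the "other" bucket (static DH/ECDH, PSK, or names the parser does not recognise) should be reviewed by hand before being disabled.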