Weak Ciphers used in Process Automation Base



Article ID: 260163


Products

CA Process Automation Base

Issue/Introduction

Penetration testing was run against PAM 04.3.05 CP06.

Main issue:
Weak Cipher Suites - ROBOT Attack : Vulnerable cipher suites are supported by the server

Proposed Solution:
It is also recommended to fully deprecate RSA encryption-based key exchanges in TLS because they do not provide forward secrecy.

Port:  443
CWE:  203

Environment

Release : 4.3

CA Process Automation

Resolution

The pam.ssl.transport.enableCipherSuites and pam.ssl.transport.disableCipherSuites configuration parameters can be used to enable and disable cipher suites as per customer requirements.

Additional Information

Documentation is available at the following path:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-3-05/release-notes/cp04---readme.html

The above also applies to the following finding:

Main issue:
Weak Ciphers are detected: Not all cipher suites support Perfect Forward Secrecy

Proposed Solution:
Support PFS by using cipher suites with ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) and DHE (Diffie-Hellman Ephemeral) key exchanges.

Port:  443
CWE:  327
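
An added example, not part of the original article or the product: a Python helper that sorts cipher suite names into RSA key exchange (the ROBOT finding), other exchanges without forward secrecy, and ECDHE/DHE suites, as input for deciding what to list in pam.ssl.transport.disableCipherSuites and pam.ssl.transport.enableCipherSuites. The suite list is constructed sample input and the function names are hypothetical; the value syntax those parameters expect is not shown here and comes from the product documentation.

```python
import re

# Ephemeral key exchanges, which provide forward secrecy.
PFS_KX = {"ECDHE", "DHE"}

def key_exchange(suite):
    """Return the key-exchange token of a JSSE/IANA cipher suite name.

    TLS 1.2 and earlier: TLS_<KX>[_<AUTH>]_WITH_<CIPHER>_<MAC>.
    TLS 1.3 names (TLS_AES_..., TLS_CHACHA20_...) have no _WITH_ part
    and always use an ephemeral (EC)DHE exchange.
    """
    name = suite.strip().upper()
    if name.endswith("_SCSV"):
        return "SCSV"  # signalling value, not a real cipher suite
    m = re.match(r"^(?:TLS|SSL)_(.+?)_WITH_", name)
    if m:
        # First token is the key exchange; in TLS_ECDHE_RSA_* the RSA
        # part is only the signature algorithm, not the key exchange.
        return m.group(1).split("_")[0]
    if re.match(r"^TLS_(AES|CHACHA20)_", name):
        return "TLS13"
    raise ValueError(f"not a cipher suite name: {suite!r}")

def triage(suites):
    """Group suites by what the two scan findings care about."""
    report = {"rsa_key_exchange": [], "no_forward_secrecy": [], "forward_secret": []}
    for suite in suites:
        kx = key_exchange(suite)
        if kx == "SCSV":
            continue
        if kx in PFS_KX or kx == "TLS13":
            report["forward_secret"].append(suite)
        elif kx == "RSA":
            report["rsa_key_exchange"].append(suite)  # ROBOT-relevant
        else:
            report["no_forward_secrecy"].append(suite)  # e.g. static ECDH/DH
    return report

# Constructed sample input, e.g. pasted from a scanner's list of accepted suites.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]

if __name__ == "__main__":
    for group, names in triage(SAMPLE).items():
        print(group, names)
```

Suites in the first two groups are the candidates to disable; after changing the configuration, re-run the scan against port 443 to confirm only forward-secret suites are still accepted.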