GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » Product Feedback » Exinda Network Orchestrator Feedback » Upgrade OpenSSL Version
Upgrade OpenSSL Version [message #146207] Wed, 10 July 2019 16:54
ian.bugeja is currently offline  ian.bugeja
Messages: 666
Registered: March 2017
Location: Malta
Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later.

For the Exinda appliance we previously requested this and were told it was coming.

Why?
OpenSSL AES-NI Padding Oracle MitM Information Disclosure

The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability due to an error in the implementation of ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256.
The implementation is specially written to use the AES acceleration available in x86/amd64 processors (AES-NI). The error messages returned by the server allow allow a man-in-the-middle attacker to conduct a padding oracle attack, resulting in the ability to decrypt network traffic.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2107

Ian Bugeja
GFI Software

Report message to a moderator

Previous Topic: Ability to filter report by timings e.g. Report of work Hours 08:00 Hrs to 1600 Hrs
Next Topic: Database Stopped Alert
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun May 28 01:28:10 CEST 2023

Total time taken to generate the page: 0.05157 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software