GFI Software Aurea SMB Solutions


Upgrade OpenSSL Version [message #146207] Wed, 10 July 2019 16:54
ian.bugeja
Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later.

For the Exinda appliance we previously requested this and were told it was coming.

Why?
OpenSSL AES-NI Padding Oracle MitM Information Disclosure

The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability due to an error in the implementation of ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256.
The implementation is specially written to use the AES acceleration available in x86/amd64 processors (AES-NI). The error messages returned by the server allow a man-in-the-middle attacker to conduct a padding oracle attack, resulting in the ability to decrypt network traffic.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2107


Ian Bugeja
GFI Software
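
Added example, not part of the original post and not GFI or Exinda code: a check that compares the banner printed by `openssl version` against the 1.0.1t / 1.0.2h minimums requested above. The function names, the verdict strings and the sample banners are constructed for illustration.

```python
import re

# Minimum patch letter per release branch, taken from the post (1.0.1t / 1.0.2h).
MINIMUM = {(1, 0, 1): "t", (1, 0, 2): "h"}

_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letters) from `openssl version` output."""
    m = _VERSION.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _letter_rank(letters):
    # Patch letters run a..z and then continue as za, zb, ...,
    # so a longer suffix sorts after a shorter one.
    return (len(letters), letters)


def meets_minimum(banner):
    """Return 'ok', 'upgrade' or 'unknown' for one version banner."""
    branch, letters = parse_openssl_version(banner)
    if branch in MINIMUM:
        wanted = _letter_rank(MINIMUM[branch])
        return "ok" if _letter_rank(letters) >= wanted else "upgrade"
    if branch > (1, 0, 2):
        return "ok"        # a later branch than the ones named in the post
    return "unknown"       # older branch: the post gives no threshold for it


if __name__ == "__main__":
    # Constructed sample banners; on a real host use the output of `openssl version`.
    samples = [
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1t  3 May 2016",
        "OpenSSL 1.0.2g  1 Mar 2016",
        "OpenSSL 1.0.2h  3 May 2016",
    ]
    for banner in samples:
        print(f"{meets_minimum(banner):8} {banner}")
```

The verdict reflects the upstream version string only; a vendor build may carry a backported fix without changing that string, so an "upgrade" result should be confirmed against the vendor's own advisory.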