Endpoint Protection

  • 1.  SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Jan 24, 2017 08:02 AM


      Hi all,


     On our latest vulnerability scan of our SEPM 14 server, we got this message:


     ---------------------

    Description
    The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths of at least 56 bits and less than 112 bits, or else that uses the 3DES encryption suite.

    Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

    Solution
    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Output
    Here is the list of medium strength SSL ciphers supported by the remote server:
    
      Medium Strength Ciphers (> 64-bit and < 112-bit key)
    
        TLSv1
          EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
    
    The fields above are:
    
      {OpenSSL ciphername}
      Kx={key exchange}
      Au={authentication}
      Enc={symmetric encryption method}
      Mac={message authentication code}
      {export flag}
    

    -------------------

      These vulnerabilities are on TCP ports 443 and 8445, ports that are used by Symantec Endpoint Protection Manager.

      Is there any solution to this issue?


      Thanks in advance!
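    The scanner classifies a suite as "medium strength" by the symmetric key length it prints in the Enc= field, or by the suite being 3DES at all. As an added example (not part of the original post or of any Symantec or Nessus code), the script below parses OpenSSL-style cipher rows like the ones in the report and applies that rule; it also generates the matching OpenSSL cipher-list exclusions a server administrator could compare against the server's configured cipher string. The sample rows are constructed: the three 3DES lines from the report plus a strong AES-GCM row and an export-grade RC4 row, to show that the rule sorts the other classes correctly too.

```python
import re

# Constructed sample input in the format the scanner prints (OpenSSL "ciphers -v" style).
SAMPLE_OUTPUT = """
  EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1
  ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1
  DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1
  ECDHE-RSA-AES256-GCM-SHA384  Kx=ECDH        Au=RSA      Enc=AESGCM(256)          Mac=AEAD
  EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA      Enc=RC4(40)              Mac=MD5    export
"""

# One row: {name} Kx=... Au=... Enc=ALG(bits) Mac=... [export]
LINE_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[A-Za-z0-9-]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)"
    r"(?:\s+(?P<export>export))?\s*$"
)


def parse_cipher_lines(text):
    """Parse scanner/OpenSSL cipher rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            row = m.groupdict()
            row["bits"] = int(row["bits"])
            row["export"] = row["export"] is not None
            rows.append(row)
    return rows


def strength(row):
    """Scanner rule: medium = 56 <= key bits < 112, or any 3DES suite (168 nominal, 112 effective)."""
    if row["enc"].upper().startswith("3DES") or 56 <= row["bits"] < 112:
        return "medium"
    if row["bits"] < 56:
        return "low"
    return "strong"


def medium_strength_ciphers(text):
    """Names of the suites the scanner would report as medium strength, in input order."""
    return [r["name"] for r in parse_cipher_lines(text) if strength(r) == "medium"]


def exclusion_cipher_string(text):
    """OpenSSL cipher-list fragment that disables every medium and low suite found."""
    weak = [r["name"] for r in parse_cipher_lines(text) if strength(r) != "strong"]
    return ":".join("!" + name for name in weak)
</test>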



  • 2.  RE: SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Jan 24, 2017 08:36 AM

    This is the latest I could find:

    Common Vulnerabilities and Exposures (CVEs) applicable to Symantec Encryption Management Server

    https://support.symantec.com/en_US/article.TECH203134.html



  • 3.  RE: SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Jan 24, 2017 08:39 AM

    There probably isn't a fix until a new version of 14 comes out. Support will need to confirm.



  • 4.  RE: SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Mar 10, 2017 12:01 PM

    We've had this issue with multiple Symantec products. No idea how to fix it; the ciphers are probably stored in a config file somewhere. Amazing that Symantec has not addressed this, really hard to believe they can't easily resolve this. This affects all versions of 12.1 as well, so it's unlikely they're ever going to address it even in a new product release. Hate to call support because they would be clueless as to how to fix it.



  • 5.  RE: SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Mar 10, 2017 12:05 PM

    Just wanted to add another update. Running the latest version of SEPM, and the Apache SSL config files haven't been updated since 2013. You can open the files and see where they are still loading weak ciphers, and they comment that it is being done to support XP and Windows 2000, none of which anyone should be running at this point. I may just edit the files and see what happens.



  • 6.  RE: SSL Medium Strength Cipher Suites Supported vulnerability

    Posted Apr 10, 2017 08:41 AM

    Hello,

    I found this link but did not try it:

    https://matt2005.wordpress.com/2017/01/06/symantec-endpoint-protection-sweet32

    Who can check?