0 Replies Latest reply on Sep 30, 2016 5:23 AM by cottroad

    SSL Security flaw "Bar mitzvah"

    cottroad Apprentice

      I have heard that LANDESK Management Suite and the CSA still use an older, less secure, RC4 encryption algorithm and that a new attack named Bar Mitzvah could allow hackers to steal credentials and other data from traffic encrypted with it. (A recent PEN test has identified it)

       

      Does anyone know what steps can be taken to plug the hole on both the CSA and LDMS? Will, for example, applying the latest patch for the CSA prevent it from negotiating using this weak algorithm?

       

      Thanks in advance.