Brocade Management Software Community

Expand all | Collapse all

Vulnerabilities on Host Connectivity Manager

Jump to Best Answer
  • 1.  Vulnerabilities on Host Connectivity Manager

    Posted 06-16-2017 11:43 AM

    I must solve some vulnerabilities created by the process hcmagent.exe located on C:\Program Files\Brocade\Adapter\driver\util\hbaagent\bin
    They are related to weak ciphers and protocols (SSL RC4 etc) . I do not know if some configurations should be applied or there is an update or patch.
    SSL Version 2 and 3 Protocol Detection (POODLE)
    TLS Version 1.2 Protocol Not Enabled     
    SSL RC4 Cipher Suites Supported     
    SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
    SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
    SSL RC4 Cipher Suites Supported
    IETF X.509 SSL Certificate Signature Collision Vulnerability
    SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)


    1. I need to know how these vulnerabilities could be solved or how to apply strong ciphers. Could this be done by setting the variable SSLCiphers HIGH instead of ALL in the file abyss.conf?
    C:\Program Files\Brocade\Adapter\driver\util\hbaagent\conf\abyss.conf

    2. In addition I must solve vulnerabilities related to certificates due to the same process and port. How can be a certificate 2048b/SHA2  imported for this application?

    3. Regarding TLS1.2, how can this be set on this application? (the OS registry is already correctly set)


    any experience on this matter? I have not found information on this in Security Advisories section.


  • 2.  Re: Vulnerabilities on Host Connectivity Manager
    Best Answer

    Posted 06-16-2017 12:55 PM



    HCM is a part of HBA Management Software aquiered by QLOGIC now Acquired by Cavium


    Fow Update download -if available - please visit