Brocade Management Software Community


Vulnerabilities on Host Connectivity Manager 3.2.5.0

  • 1.  Vulnerabilities on Host Connectivity Manager 3.2.5.0

    Posted 06-16-2017 11:43 AM

    I must solve some vulnerabilities created by the process hcmagent.exe located in C:\Program Files\Brocade\Adapter\driver\util\hbaagent\bin
    They are related to weak ciphers and protocols (SSL RC4, etc.). I do not know if some configurations should be applied or if there is an update or patch.
    SSL Version 2 and 3 Protocol Detection (POODLE)
    TLS Version 1.2 Protocol Not Enabled     
    SSL RC4 Cipher Suites Supported     
    SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
    CVE-2016-2183   
    CVE-2016-6329   
    SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
    CVE-2014-3566   
    SSL RC4 Cipher Suites Supported
    CVE-2013-2566   
    CVE-2015-2808   
    IETF X.509 SSL Certificate Signature Collision Vulnerability
    CVE-2004-2761
    SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)
    CVE-2016-0800   

     

    1. I need to know how these vulnerabilities could be solved or how to apply strong ciphers. Could this be done by setting the variable SSLCiphers HIGH instead of ALL in the file abyss.conf?
    C:\Program Files\Brocade\Adapter\driver\util\hbaagent\conf\abyss.conf

    2. In addition, I must solve vulnerabilities related to certificates due to the same process and port. How can a 2048b/SHA2 certificate be imported for this application?

    3. Regarding TLS1.2, how can this be set on this application? (the OS registry is already correctly set)

     

    Any experience on this matter? I have not found information on this in the Security Advisories section.


    #BrocadeManagementSoftwareCommunity


  • 2.  Re: Vulnerabilities on Host Connectivity Manager 3.2.5.0
    Best Answer

    Posted 06-16-2017 12:55 PM

    @panizzag

    HCM is a part of the HBA Management Software acquired by QLOGIC, now acquired by Cavium.

    For update download - if available - please visit www.qlogic.com

