Hello
Our vulnerability scanner has found weak ciphers in udm_manager.
I found the following solution:
https://knowledge.broadcom.com/external/article/209177/security-setting-disabling-udm_manager-w.html
I have implemented above but it does not seem to work as both the scanner and nmap still see the problem.
nmap :
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 07:28 W. Europe Daylight Time
Nmap scan report for xxx
Host is up (0.0010s latency).
PORT STATE SERVICE
4334/tcp open netconf-ch-ssh
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Weak certificate signature: SHA1
|_ least strength: D
Nmap done: 1 IP address (1 host up) scanned in 0.88 seconds
C:\Program Files (x86)\Nmap>
Has anyone got this to work ?
Regards
Henrik Vick
Nets Denmark