Symantec Privileged Access Management

Hello,

The 3.3.3.01 patch allowed PAM to SSH to devices still running SHA1 encryption. These devices include CA Identity Manager Virtual Appliances, networking appliances, etc.

I upgraded my test PAM environment from 3.3.3.01 to 3.4.1. In my regression testing, I found that devices still using SHA1 encryption are no longer accessible via SSH.

Will Broadcom release a patch for 3.4.1, similar to 3.3.3.01 ,which will allow connection to target device which only support SHA1 encryption?

Thanks

Chris

Hi Chris, There is no intention to publish such a patch, as the preferred way is to update the affected target devices to move away from SHA1, but you can go ahead and request a hotfix on top of 3.4.1 if you have constraints that prevent you from resolving the problem on the target device side for the near future.
Original Message:
Sent: 08-09-2020 11:51 AM
From: Chris Scott
Subject: 3.4.1 Patch to allow CA PAM to SSH to devices still using SHA1

Hello,

The 3.3.3.01 patch allowed PAM to SSH to devices still running SHA1 encryption. These devices include CA Identity Manager Virtual Appliances, networking appliances, etc.

I upgraded my test PAM environment from 3.3.3.01 to 3.4.1. In my regression testing, I found that devices still using SHA1 encryption are no longer accessible via SSH.

Will Broadcom release a patch for 3.4.1, similar to 3.3.3.01 ,which will allow connection to target device which only support SHA1 encryption?

Thanks

Chris