Data Loss Prevention

  • 1.  DLP 15.x: Logjam - CVE-2015-4000

    Posted Nov 11, 2019 04:58 AM

    Hi Guys,

    Is DLP Enforce actually impacted by this CVE?

    I don't see any public KB on it... it could be a false positive of the VA scanner?

    Regards



  • 2.  RE: DLP 15.x: Logjam - CVE-2015-4000

    Posted Nov 11, 2019 07:44 PM

    Seeing as it's a very old vulnerability, the possibility is slim, but to be sure, open up a case with support and pass along your VA result.



  • 3.  RE: DLP 15.x: Logjam - CVE-2015-4000

    Posted Nov 13, 2019 12:20 AM

    @Russel Luz

    I've checked around; there was an old thread that was left unanswered:

    https://www.symantec.com/connect/forums/vontu-ssltls-deffie-hellman-modulus-1024-bits-logjam?list_context_id=3667881&list_context_type=symantec_product

    For other products like SEPM (SEP management console), it's actually possible to regenerate the self-certificate as 2048 instead of 1024.

    Wondering if it's the same for DLP.

    Regards



  • 4.  RE: DLP 15.x: Logjam - CVE-2015-4000

    Posted Nov 13, 2019 12:39 AM

    From further research of my own, "Logjam" only has an impact if DHE_EXPORT is being used or supported in the cipher list:


    We carried out this computation against the most common 512-bit prime used for TLS and demonstrate that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHE_EXPORT. We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break.

     

    https://weakdh.org/

     

    I don't see it being used in DLP... but I'm not so sure, as I'm awaiting the TSE's reply on this.
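
Added example, not part of the original thread and not Symantec code: one way to triage a scanner's Logjam finding is to separate the two conditions discussed above, an accepted DHE_EXPORT suite versus a merely small DH group. It reads the summary lines that `openssl s_client` prints; the function name, the sample transcripts and the 2048-bit threshold (taken from weakdh.org guidance) are assumptions.

```python
import re

# Export-grade ephemeral-DH suites, in OpenSSL and IANA spellings.
EXPORT_DHE = re.compile(r"^(EXP(1024)?-(EDH|DHE)-|TLS_DHE_\w+_EXPORT_)")
CIPHER_RE = re.compile(r"Cipher\s*(?:is|:)\s*(\S+)")
# Matches "DH, 1024 bits" as well as "ECDH, P-256, 256 bits".
TEMP_KEY_RE = re.compile(r"Server Temp Key:\s*(\w+),\s*(?:[\w-]+,\s*)?(\d+) bits")
MIN_DH_BITS = 2048  # assumption: weakdh.org deployment guidance, not from the thread


def triage(transcript):
    """Return (verdict, reason) for one captured handshake summary."""
    cipher = CIPHER_RE.search(transcript)
    key = TEMP_KEY_RE.search(transcript)
    if not cipher and not key:
        return "no-data", "no cipher or temp key line found"
    name = cipher.group(1) if cipher else "(unknown)"
    kind, bits = (key.group(1), int(key.group(2))) if key else (None, 0)
    if EXPORT_DHE.match(name):
        return "export-dhe", f"{name}: DHE_EXPORT accepted, CVE-2015-4000 downgrade applies"
    if kind == "DH" and bits < MIN_DH_BITS:
        return "weak-dh-group", f"{name}: {bits}-bit DH group, no export suite seen"
    return "not-affected", f"{name}: no export DHE and no DH group under {MIN_DH_BITS} bits"


# Constructed sample transcripts (not captured from any DLP server).
SAMPLE_EXPORT = """\
Server Temp Key: DH, 512 bits
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
"""
SAMPLE_1024 = """\
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
"""
SAMPLE_ECDHE = """\
Server Temp Key: ECDH, P-256, 256 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
"""

if __name__ == "__main__":
    for label, text in (("export", SAMPLE_EXPORT), ("dh1024", SAMPLE_1024),
                        ("ecdhe", SAMPLE_ECDHE)):
        print(label, *triage(text))
```

A transcript reflects only what one handshake negotiated, so a "weak-dh-group" or "not-affected" verdict rules out DHE_EXPORT only if the client offered export suites in that handshake.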

     

     



  • 5.  RE: DLP 15.x: Logjam - CVE-2015-4000

    Posted Dec 17, 2019 04:21 AM

    Just to clarify further - after deeper isolation, this issue seems to affect only OCR as per the 15.5 version.

    No other component is being detected...

    But as far as the solution/fix from Support is concerned - no concrete answer yet.