VIP (Validation ID Protection)

  • 1.  HSTS not implemented on Symantec VIP

    Posted Aug 30, 2022 01:21 AM
    Hello Team,

    Can anyone help with the below query?

    Need to enable HTTP Strict Transport Security (HSTS) on Symantec VIP to close the VAPT vulnerability. Is it possible?

    From the below community article we do not see any information related to the same.

    https://community.broadcom.com/HigherLogic/Security/SAML/localSAMLLoginService.aspx?ReturnUrl=https%3a%2f%2fcommunity.broadcom.com%2fparticipate%2fideation-home%2fviewidea%3fIdeationKey%3d0363169b-07c1-49cf-8de7-3a34cba706fd

    Regards,
    Siva.


  • 2.  RE: HSTS not implemented on Symantec VIP

    Broadcom Employee
    Posted Aug 30, 2022 11:45 AM
    Hi Siva,

    Which version of VIP Gateway are you running? The HSTS vulnerability can be mitigated if you have SSL enabled in your environment. Are you using vipssp or the newer MyVIP service in Gateway where you see this issue?
    We released version 9.10 of Gateway today, and this version addresses the HSTS vulnerability issue. You can download it from the VIP manager and test it in your environment. This is also a 64-bit architecture, as before Gateway releases were only 32-bit.
    You can get more details from the release notes -
    VIP Enterprise Gateway 9.10 Release Notes
    These release notes provide a summary of all new features, resolved issues, and known issues in the release. To upgrade to , you must be running 9.8.4 or later. You can upgrade to either through LiveUpdate or by manual updates.

    Please review and let us know if you have any further questions.

    Thanks
    Namish
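
One way to confirm the finding is closed after enabling SSL or upgrading, as an added example that is not part of the thread or Broadcom's code: a Python audit of response headers that follows the RFC 6797 parsing rules. The function names, the one-year `MIN_MAX_AGE` floor and the sample responses are assumptions constructed for illustration.

```python
import re

# Policy floor used by this example; an assumption, not a VIP Gateway setting.
MIN_MAX_AGE = 31536000  # one year, in seconds

def parse_hsts(value):
    """Parse an HSTS value (RFC 6797 6.1); None means a browser ignores it."""
    directives = {}
    # Empty directives (a stray ';') are allowed by the grammar and skipped.
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]              # quoted-string form of the value
        if name in directives:
            return None                  # a repeated directive invalidates the header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                      # max-age is required and must be delta-seconds
    return directives

def audit(scheme, headers):
    """Return a list of findings for one response; an empty list means pass."""
    if scheme != "https":
        return ["HSTS is ignored over plain HTTP; test the HTTPS listener"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["Strict-Transport-Security header missing"]
    policy = parse_hsts(values[0])       # browsers process only the first header
    if policy is None:
        return ["header present but malformed, so browsers ignore it"]
    findings = []
    age = int(policy["max-age"])
    if age == 0:
        findings.append("max-age=0 tells browsers to drop the policy")
    elif age < MIN_MAX_AGE:
        findings.append("max-age %d is below the %d floor" % (age, MIN_MAX_AGE))
    return findings

# Constructed sample responses, not captured from a real gateway.
SAMPLES = {
    "good": ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    "missing": ("https", [("Content-Type", "text/html")]),
    "short": ("https", [("strict-transport-security", 'max-age="300"')]),
    "dup": ("https", [("Strict-Transport-Security", "max-age=1; max-age=2")]),
}

if __name__ == "__main__":
    print({n: audit(*s) or "OK" for n, s in SAMPLES.items()})
```

Feed `audit` the scheme and header pairs from a response of your own Gateway's HTTPS portal; a scanner that only checks for the header's presence would pass the `short` and `dup` cases that this check flags.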


  • 3.  RE: HSTS not implemented on Symantec VIP

    Posted Sep 01, 2022 02:11 AM
    Hello Namish,

    Thank you for the detailed information.

    We will check and confirm with you if you need any further information on the same.

    Regards,
    Siva.