Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 11686 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS ROBOT Vulnerability Detected on port 8194

Hariharan Chandrasekaran

Hello Team

 

We had a internal scan from one of the tool Vulnerability Assessment tool used withing our environment "Qualys", from this we got to know on one of the latest scans TLS ROBOT Vulnerability Detected on port 8194

 

So do we have fix from Sophos to remediate this vulnerability ??



This thread was automatically locked due to age.
Parents
  • 0

    I have been reliably informed (and it's been tested internally) that RMS is not vulnerable to the ROBOT attack, it seems that the commercial Qualys tool is showing a false positive. OpenSSL is not supposed to be vulnerable to ROBOT generally and we do not modify it within RMS so there is doubt about this being a genuine detection.

    It would be good if more of you could try this tool:  https://qualys.secure.force.com/articles/How_To/000002963 and let us know the result, we see that RMS port 8194 is not vulnerable, as reported by the python script (“no working oracle found”).

    Thanks,

    Darren.

Reply
  • 0

    I have been reliably informed (and it's been tested internally) that RMS is not vulnerable to the ROBOT attack, it seems that the commercial Qualys tool is showing a false positive. OpenSSL is not supposed to be vulnerable to ROBOT generally and we do not modify it within RMS so there is doubt about this being a genuine detection.

    It would be good if more of you could try this tool:  https://qualys.secure.force.com/articles/How_To/000002963 and let us know the result, we see that RMS port 8194 is not vulnerable, as reported by the python script (“no working oracle found”).

    Thanks,

    Darren.

Children
No Data
Unfiltered HTML