This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.5.0 upgraded and agents still show vulnerability on TLS / SSL

Hariharan Chandrasekaran over 6 years ago

Hello A

We have 2 Enterprise Consoles in our environment and cater to only 1200 + servers alone with no workstations. We had this vulnerability of TLS / SSL surfaced around 6 months back and at that time we had both our console on 5.4.0 Version.

When we raised a ticket with Sophos for a fix on this we were assured that post upgrade to 5.5.0 i.e. latest version of Sophos all agents would forcibly use TLS 1.2 and this vulnerability would be eliminated.

Now that we have our both SEC consoles on 5.5.0 version on a latest scan report of yesterday we could find that there are still agents facing SSL / TLS vulnerability and issue still prevails. We were surprised and shocked to see this. Clients have raised serious concerns on this issue and we need a immediate fix on this. What do we do ?

This thread was automatically locked due to age.

Parents

0 QC over 6 years ago

Hello Hariharan Chandrasekaran,

internal or external audits or why the concern (or concerns) over the vulnerability?

Question is, what does this scan scan? There's a thread from about a year ago when 5.4.1 came out. Meanwhile RMS has been updated and it seems the 1.2 is advertised [Edit] dunno what I have looked at, just traced again, it's still saying 0x160301 [/Edit] in the Client Hello [Edit] but it might still be the case that without the LegacyProtocolSupport disabled on the endpoint the scan would "find" TLS 1.0. in both directions. [/Edit]

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago

Hello Hariharan Chandrasekaran,

internal or external audits or why the concern (or concerns) over the vulnerability?

Question is, what does this scan scan? There's a thread from about a year ago when 5.4.1 came out. Meanwhile RMS has been updated and it seems the 1.2 is advertised [Edit] dunno what I have looked at, just traced again, it's still saying 0x160301 [/Edit] in the Client Hello [Edit] but it might still be the case that without the LegacyProtocolSupport disabled on the endpoint the scan would "find" TLS 1.0. in both directions. [/Edit]

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Hariharan Chandrasekaran over 6 years ago in reply to QC

This scan is carried out by Qualys tool within our account which has surfaced this vulnerability on TLS / SSL using TLS 1.0 & TLS 1.1.

We had given an assurance that post upgrade from 5.4.0 to 5.5.0 we would not see this vulnerability. This was confirmed by Sophos technical engineers as well when we had initially logged a case to know the workaround for this vulnerability.

How do we make sure that all agents communicate via TLS 1.2 only and use SHA-2 Certs
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to Hariharan Chandrasekaran

Hello Hariharan Chandrasekaran,

it's not clear what this tool actually does and how it assesses that 1.0/1.1 is in use.
As far as I can see the "server" responds with an 1.2 Hello and TLS 1.2 is subsequently used for communication. Regarding SHA-2 please see this post by Vikas.

Christian
Cancel
Vote Up 0 Vote Down

Cancel