SEC 5.5.0 upgraded and agents still show vulnerability on TLS / SSL

Hello A


We have 2 Enterprise Consoles in our environment, catering to 1200+ servers alone with no workstations. This TLS / SSL vulnerability surfaced around 6 months back, and at that time we had both our consoles on version 5.4.0.


When we raised a ticket with Sophos for a fix on this, we were assured that post upgrade to 5.5.0, i.e. the latest version of Sophos, all agents would be forced to use TLS 1.2 and this vulnerability would be eliminated.


Now that we have both our SEC consoles on version 5.5.0, on the latest scan report from yesterday we could see that there are still agents facing the SSL / TLS vulnerability and the issue still prevails. We were surprised and shocked to see this. Clients have raised serious concerns on this issue and we need an immediate fix. What do we do?



  • Hello Hariharan Chandrasekaran,

    Internal or external audits, or why the concern (or concerns) over the vulnerability?

    Question is, what does this scan scan? There's a thread from about a year ago when 5.4.1 came out. Meanwhile RMS has been updated and it seems 1.2 is advertised [Edit] dunno what I have looked at, just traced again, it's still saying 0x160301 [/Edit] in the Client Hello [Edit] but it might still be the case that without LegacyProtocolSupport disabled on the endpoint the scan would "find" TLS 1.0 in both directions. [/Edit]

    Christian 
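Christian's 0x160301 observation is worth seeing concretely: a TLS 1.2 (and 1.3) ClientHello commonly carries version 0x0301 (TLS 1.0) in the 5-byte record header for compatibility, while the version the client actually offers sits in the handshake body and its supported_versions extension, so a scanner that reads only the record header can report TLS 1.0. The parser below is an added example, not code from this thread or from Sophos; the ClientHello bytes it parses are constructed inline.

```python
import struct

# TLS version codes as they appear on the wire.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE, CLIENT_HELLO, EXT_SUPPORTED_VERSIONS = 0x16, 0x01, 0x002B


def build_client_hello() -> bytes:
    """Constructed sample: record header says TLS 1.0, client_version says
    TLS 1.2, and supported_versions offers 1.3 then 1.2 (RFC 8446 layout)."""
    versions = struct.pack(">HH", 0x0304, 0x0303)
    ext = struct.pack(">HHB", EXT_SUPPORTED_VERSIONS,
                      len(versions) + 1, len(versions)) + versions
    body = (struct.pack(">H", 0x0303) + bytes(32)   # legacy client_version + random
            + b"\x00"                                # session_id length 0
            + struct.pack(">HH", 2, 0xC02F)          # one cipher suite
            + b"\x01\x00"                            # compression: null only
            + struct.pack(">H", len(ext)) + ext)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: content type 0x16, version 0x0301, length -> "16 03 01 ..."
    return struct.pack(">BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake


def parse_client_hello(data: bytes) -> dict:
    """Return the record-layer version, the handshake client_version and the
    supported_versions list, so the three places a version appears can be compared."""
    ctype, rec_ver, _rec_len = struct.unpack(">BHH", data[:5])
    if ctype != HANDSHAKE or data[5] != CLIENT_HELLO:
        raise ValueError("not a ClientHello record")
    pos = 9                                            # skip type + 3-byte length
    client_ver = struct.unpack(">H", data[pos:pos + 2])[0]
    pos += 2 + 32                                      # client_version + random
    pos += 1 + data[pos]                               # session_id
    pos += 2 + struct.unpack(">H", data[pos:pos + 2])[0]   # cipher suites
    pos += 1 + data[pos]                               # compression methods
    end = pos + 2 + struct.unpack(">H", data[pos:pos + 2])[0]
    pos += 2
    supported = []
    while pos + 4 <= end:                              # walk the extensions
        etype, elen = struct.unpack(">HH", data[pos:pos + 4])
        pos += 4
        if etype == EXT_SUPPORTED_VERSIONS:
            n = data[pos]                              # byte count of the version list
            supported = [struct.unpack(">H", data[pos + 1 + i:pos + 3 + i])[0]
                         for i in range(0, n, 2)]
        pos += elen
    return {"record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
            "client_version": VERSIONS.get(client_ver, hex(client_ver)),
            "supported_versions": [VERSIONS.get(v, hex(v)) for v in supported]}
```

Run against a real capture of the RMS traffic, the same three fields show whether a "TLS 1.0" finding comes from the record header alone or from a version the client genuinely offers.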

  • This scan is carried out by the Qualys tool within our account, which has surfaced this vulnerability on TLS / SSL using TLS 1.0 & TLS 1.1.


    We were given an assurance that post upgrade from 5.4.0 to 5.5.0 we would not see this vulnerability. This was confirmed by Sophos technical engineers as well when we initially logged a case to find out the workaround for this vulnerability.


    How do we make sure that all agents communicate via TLS 1.2 only and use SHA-2 certs?

  • Hello Hariharan Chandrasekaran,

    it's not clear what this tool actually does and how it assesses that 1.0/1.1 is in use.
    As far as I can see the "server" responds with a 1.2 Hello and TLS 1.2 is subsequently used for communication. Regarding SHA-2 please see this post by Vikas.

    Christian

  • Any new updates? TLS 1.0 & TLS 1.1 are still active on all the servers after carrying out the commands below.


    Windows:

    1. Delete the pkc/pkp values from the following registry keys:

      HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router\Private\
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private\
      HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Private\
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\
    2. Restart the Sophos Message Router and Sophos Agent services


    What do we do now, as this is not working for us?