POODLE vulnerability: Disabling SSL v3 on the Nimsoft Hub

Recently, a vulnerability known as "POODLE" was discovered in the SSL v3 protocol.

Because exploiting this vulnerability requires a "man-in-the-middle" attack, we consider it relatively unlikely that this exploit could be used to compromise or gain unauthorized access to a Nimsoft system. In most cases, an attacker who has the access and knowledge necessary to carry out this style of attack specifically in a Nimsoft hub environment likely already has enough access to make exploiting this bug pointless. However, many organizations require that SSL v3 be disabled in products which could potentially be vulnerable. This is possible with the Nimsoft hub and tunnel configuration, so we've published these instructions for those who require it.

To disable SSL v3 for hub-to-robot communications:

1. Open the hub GUI.
2. From the main screen, click the "Settings" button.
3. From the Advanced Settings window, navigate to the SSL tab.
4. Enter the following string for "Cipher Type":


This will disable all POODLE-vulnerable ciphers.

Hub GUI - Advanced - SSL

Automated scanning tools may still report that SSLv3 is enabled - but the ciphers which specifically can be exploited by POODLE will be disabled, so the system will no longer be vulnerable to the exploit.

It is possible that some scanning tools may no longer report the vulnerability if you change the above to RC4-SHA1 instead of RC4-SHA, but our testing has shown that RC4-SHA is not actually vulnerable to POODLE.
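To check a cipher string against the point made above (SSL v3 can stay enabled as long as no CBC suite is offered), the following added example, which is not part of the original article or of Nimsoft, parses a listing in the layout printed by `openssl ciphers -v` and returns the suites that remain POODLE-affected. The sample listing is constructed, and the function names are hypothetical.

```python
# Constructed sample in the column layout printed by `openssl ciphers -v`.
# It is not output captured from a Nimsoft hub.
SAMPLE_LISTING = """\
RC4-SHA            SSLv3   Kx=RSA Au=RSA Enc=RC4(128)    Mac=SHA1
AES128-SHA         SSLv3   Kx=RSA Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA       SSLv3   Kx=RSA Au=RSA Enc=3DES(168)   Mac=SHA1
EXP-RC4-MD5        SSLv3   Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
AES128-GCM-SHA256  TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
"""

# Enc= algorithms that are not block ciphers. Every block cipher that
# SSL v3 can negotiate runs in CBC mode, which is what POODLE targets.
NON_CBC = {"RC4", "None"}


def parse_listing(text):
    """Yield (suite_name, protocol, enc_algorithm) for each listing line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or malformed line
        # Remaining columns are key=value pairs; trailing flags such as
        # "export" carry no "=" and are skipped.
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        # "AES(128)" -> "AES". A missing Enc column yields "", which is
        # treated as affected so that unparsed suites are not passed over.
        enc = attrs.get("Enc", "").split("(", 1)[0]
        yield fields[0], fields[1], enc


def poodle_affected(text):
    """Return suites usable under SSL v3 that encrypt with a CBC cipher."""
    return [name for name, proto, enc in parse_listing(text)
            if proto == "SSLv3" and enc not in NON_CBC]


if __name__ == "__main__":
    hits = poodle_affected(SAMPLE_LISTING)
    for name in hits:
        print("POODLE-affected under SSL v3:", name)
    if not hits:
        print("No CBC suites available under SSL v3")
```

Feed it the output of `openssl ciphers -v '<your Cipher Type string>'` from an OpenSSL build that still includes the suites in question.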

To disable SSL v3 for hub-to-hub (tunnel) communications, take the following steps on all tunnel server hubs:

1. Open the hub GUI.
2. Navigate to the "Tunnels" tab.
3. Navigate to the "Server Configuration" tab.
4. Under the "Security Settings" section, choose the "Custom" radio button.
5. In the custom text box, enter the same string as above (RC4-SHA or RC4-SHA1).

Hub GUI - Tunnel Tab

IMPORTANT NOTE: After making this change, you will need to re-create your tunnel client certificates and re-create your tunnel connections using these newly-generated certificates.

