New Member
Posts: 1
Registered: ‎06-16-2017
Accepted Solution

Vulnerabilities on Host Connectivity Manager 3.2.5.0

I must solve some vulnerabilities created by the process hcmagent.exe located in C:\Program Files\Brocade\Adapter\driver\util\hbaagent\bin
They are related to weak ciphers and protocols (SSL RC4, etc.). I do not know if some configurations should be applied or if there is an update or patch.
SSL Version 2 and 3 Protocol Detection (POODLE)
TLS Version 1.2 Protocol Not Enabled
SSL RC4 Cipher Suites Supported
SSL 64-bit Block Size Cipher Suites Supported (SWEET32): CVE-2016-2183, CVE-2016-6329
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE): CVE-2014-3566
SSL RC4 Cipher Suites Supported: CVE-2013-2566, CVE-2015-2808
IETF X.509 SSL Certificate Signature Collision Vulnerability: CVE-2004-2761
SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption): CVE-2016-0800

 

1. I need to know how these vulnerabilities could be solved or how to apply strong ciphers. Could this be done by setting the variable SSLCiphers HIGH instead of ALL in the file abyss.conf?
C:\Program Files\Brocade\Adapter\driver\util\hbaagent\conf\abyss.conf

2. In addition, I must solve vulnerabilities related to certificates due to the same process and port. How can a 2048b/SHA2 certificate be imported for this application?

3. Regarding TLS1.2, how can this be set on this application? (the OS registry is already correctly set)

 

Any experience on this matter? I have not found information on this in the Security Advisories section.

External Moderator
Posts: 4,858
Registered: ‎02-23-2004

Re: Vulnerabilities on Host Connectivity Manager 3.2.5.0

@panizzag

 

HCM is a part of HBA Management Software acquired by QLOGIC, now acquired by Cavium.

 

For update download - if available - please visit www.qlogic.com

 

 

TechHelp24
