OpenSSL Vulnerability (CVE-2014-0024) & its impact on InfoExpress Products

Started by nauman, June 11, 2014, 03:41:18 PM

nauman

Overview:
OpenSSL is an open source implementation of the SSL and TLS protocols. It is widely used in web servers including Apache Webserver.

With this vulnerability, OpenSSL clients and servers could be forced, via a handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

Although this vulnerability is similar to the Heartbleed vulnerability, it is difficult to exploit since the attacker has to be able to intercept the traffic between the client and server before exploiting it.

Impact on InfoExpress Products:
The only InfoExpress products impacted by this vulnerability are CGS (CyberGatekeeper Server) and the CGX appliance (all versions affected). Customers have not reported any impact on InfoExpress products with regard to this vulnerability.

InfoExpress's other products such as FRAMD, Authentication Server, Policy Manager and Agents are not impacted.

The severity rating for this impact is Medium.

Solution:
InfoExpress is going to release a patch soon containing OpenSSL version openssl-0.9.8e-27.el5_10.3 for the CyberGatekeeper appliance. This page will be updated with the download link once the update is available.

UPDATE June 13, 2014
The patches are available. Please contact InfoExpress Support (support@infoexpress.com) to get them.