A security scan found vulnerability CVE-2015-4000 on Foglight Management Server SSL ports 8443 and 4444.
NIST's NVD entry describes the vulnerability as:
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
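As an added illustration, not part of this Quest article: a small Python check that parses the cipher-suite list of a TLS ClientHello and flags the export-grade DHE suites that a Logjam downgrade substitutes for DHE. This is what a server-side or network-sensor check for the issue would look at; the ClientHello records are constructed inline, and `build_client_hello` is a helper of this example only.

```python
import struct
from typing import List

# Export-grade DHE suite IDs from RFC 2246 / RFC 5246 appendix A.5.
# A server that refuses these cannot be talked down to a 512-bit DH key.
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def parse_client_hello_suites(record: bytes) -> List[int]:
    """Return the cipher-suite IDs offered in a TLS ClientHello record.
    Assumes one unfragmented handshake record (enough for a sensor check)."""
    if len(record) < 5 or record[0] != 0x16:        # content type: handshake
        raise ValueError("not a TLS handshake record")
    body = record[5:]                                 # skip the record header
    if not body or body[0] != 0x01:                   # handshake type: ClientHello
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                  # hs header, version, random
    pos += 1 + body[pos]                              # session_id length + bytes
    (suites_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    return [struct.unpack_from("!H", body, pos + i)[0]
            for i in range(0, suites_len, 2)]

def offered_export_dhe(record: bytes) -> List[str]:
    """Names of DHE_EXPORT suites present in the ClientHello, if any."""
    return [DHE_EXPORT_SUITES[s] for s in parse_client_hello_suites(record)
            if s in DHE_EXPORT_SUITES]

def build_client_hello(suites: List[int]) -> bytes:
    """Constructed sample only: a minimal TLS 1.2 ClientHello offering `suites`."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # version, random, no session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # 0x0039 / 0x0033 are ordinary DHE_RSA AES suites; 0x0014 is export DHE.
    for hello in (build_client_hello([0x0039, 0x0033]),
                  build_client_hello([0x0039, 0x0014])):
        print(offered_export_dhe(hello) or "no DHE_EXPORT suites offered")
```

A hit on a ClientHello arriving at ports 8443 or 4444 means either a legacy client or a rewritten hello; the fix is for the server to have no DHE_EXPORT suite enabled so the downgrade cannot complete.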
Re-running the security scan with the same tool is the best way to confirm that the vulnerability is resolved.
Update: This has been logged as FOG-657 and FGL-20482. Foglight version 5.9.8 should already have this fix in place.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED.