shaunglass

Vulnerabilities

Good Day,

We have weekly Nessus scans and I cannot seem to get rid of the following:

SSL Medium Strength Cipher Suites Supported (SWEET32) TCP 389
SSL Medium Strength Cipher Suites Supported (SWEET32) TCP 636
SSL Medium Strength Cipher Suites Supported (SWEET32) TCP 8030
SSL RC4 Cipher Suites Supported (Bar Mitzvah) TCP 8030
SSL Null Cipher Suites Supported TCP 389
SSL Null Cipher Suites Supported TCP 636
SSL Null Cipher Suites Supported TCP 8030


I have set the ciphers to high for the ldap server ? We have 8.8 sp8.

Does anyone have any idea? BTW, I am aware of the following:

https://support.microfocus.com/kb/doc.php?id=7015988

Regards
Knowledge Partner

Re: Vulnerabilities

shaunglass wrote:

> We have 8.8 sp8


Which patch level is that? 8.8.8.0-8.8.8.11 plus some intermediate Hotfixes
have been released over the years. ndsstat will tell exactly.
Have a look at https://support.microfocus.com/kb/doc.php?id=3426981 to see if
any of your issues is mentioned in the LDAP (389/636) and iMonitor (8030)
sections.

--
http://www.is4it.de/en/solution/identity-access-management/

Knowledge Partner

Re: Vulnerabilities

shaunglass wrote:

> I have set the ciphers to high for the ldap server ?


Can you post the output of "ldapconfig get" so we can see what Edir actually
sees as configuration?

shaunglass

Re: Vulnerabilities

lhaeger;2499950 wrote:

> shaunglass wrote:
>
> > I have set the ciphers to high for the ldap server ?
>
> Can you post the output of "ldapconfig get" so we can see what Edir actually
> sees as configuration?


As follows:

LDAP Server Configuration:
LDAP Server: CN=LDAP Server - srv005648.OU=servers.O=services
LDAP Group: CN=LDAP Group - srv005648.OU=servers.O=services
LDAP Screen Level: Connection| Error| Critical
searchSizeLimit: 0
searchTimeLimit: 0
LDAP Server Bind Limit: 0
LDAP Server Idle Timeout: 0
LDAP Enable TCP: no
LDAP Enable SSL: no
filteredReplicaUsage: 0
LDAP:keyMaterialName: onlineds-mnt-ad
nonStdClientSchemaCompatMode: no
ldapNonStdAllUserAttrsMode: yes
sslEnableMutualAuthentication: no
ldapEnablePSearch: yes
ldapMaximumPSearchOperations: 0
ldapIgnorePSearchLimitsForEvents: yes
ldapTLSTrustedRootContainer: .CN=Trusted Roots.CN=Security.T=ONLINEDS-MNT.
ldapTLSVerifyClientCertificate: 0
ldapEnableMonitorEvents: yes
ldapMaximumMonitorEventsLoad: 0
ldapTLSRequired: no
ldapBindRestrictions: 177 (Disallow Anonymous Bind)
ldapGeneralizedTime: no
ldapPermissiveModify: no
ldapInterfaces: ldap://:389,ldaps://:636
Require TLS for Simple Binds with Password: no
LDAP:searchReferralUsage: Prefer Chaining
LDAP:otherReferralUsage: Prefer Chaining

Product Version: eDirectory for Linux x86_64 v8.8 SP8 [DS]