Security Vulnerability: CBC ciphers with known IV

  • 7015841
  • 29-Oct-2014
  • 29-Oct-2014


NetIQ eDirectory


Vulnerability checking software reporting that eDirectory LDAP/LDAPS and eDirectory iMonitor are vulnerable to beast attacks because of the usage of CBC ciphers


There are two approaches to removing the vulnerability.

1.  Remove the usage of CBC ciphers.

2. Incorporate the OpenSSL countermeasures at described in

eDirectory LDAP/LDAPS and iMonitor enabled the countermeasure which is included in eDirectory and newer code.


CBC ciphers can be exploited allowing an attacker the ability to impersonate legitimate users on the web.

For more information, see: 

Additional Information