Environment
NetIQ eDirectory
Situation
Vulnerability-checking software reports that eDirectory LDAP/LDAPS and eDirectory iMonitor are vulnerable to BEAST attacks because of the use of CBC ciphers.
Resolution
There are two approaches to removing the vulnerability.
1. Remove the usage of CBC ciphers.
2. Incorporate the OpenSSL countermeasures as described in https://www.openssl.org/~bodo/tls-cbc.txt
eDirectory LDAP/LDAPS and iMonitor have enabled the countermeasure, which is included in eDirectory 8.8.7.4 and newer code.
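For the first approach, it helps to know which suites in a cipher listing are actually CBC, since OpenSSL suite names such as AES256-SHA do not contain "CBC". The following is an added example, not part of the original article or of eDirectory: it reads text in the `openssl ciphers -v` layout and also marks whether each CBC suite can be negotiated on SSL 3.0/TLS 1.0, the protocol versions BEAST concerns. The sample listing is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`.
# It is not output captured from an eDirectory server.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA256               TLSv1.2 Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA256
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
RC4-SHA                     SSLv3   Kx=RSA  Au=RSA Enc=RC4(128)    Mac=SHA1
"""

# Enc= names that denote a block cipher used in CBC mode with a separate MAC.
CBC_BLOCK_CIPHERS = {"AES", "3DES", "DES", "Camellia", "SEED", "IDEA", "RC2"}
# Suites first defined for these protocols can be negotiated on TLS 1.0,
# where the CBC IV is chained from the previous record.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}


def parse_line(line):
    """Split one `openssl ciphers -v` line into name, protocol and fields."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"not a cipher line: {line!r}")
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return parts[0], parts[1], fields


def classify(line):
    """Return (name, mode, legacy); mode is CBC, AEAD, STREAM or OTHER."""
    name, proto, fields = parse_line(line)
    enc = re.sub(r"\(.*\)$", "", fields.get("Enc", ""))  # drop key size
    if fields.get("Mac") == "AEAD":
        mode = "AEAD"
    elif enc == "RC4":
        mode = "STREAM"
    elif enc in CBC_BLOCK_CIPHERS:
        mode = "CBC"
    else:
        mode = "OTHER"  # unrecognised: review by hand
    return name, mode, proto in LEGACY_PROTOCOLS


def cbc_suites(text):
    """List (name, usable_on_tls10) for every CBC suite in the listing."""
    rows = (classify(l) for l in text.splitlines() if l.strip())
    return [(n, legacy) for n, mode, legacy in rows if mode == "CBC"]


if __name__ == "__main__":
    for name, legacy in cbc_suites(SAMPLE):
        print(f"{name}: CBC, negotiable on SSL 3.0/TLS 1.0: {legacy}")
```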
Cause
CBC ciphers can be exploited, allowing an attacker to impersonate legitimate users on the web.
For more information, see: http://eprint.iacr.org/2006/136.pdf