TLS 1.x padding vulnerability CVE-2014-8730 and its impact on Sentinel, Sentinel Log Manager and Security Manager

  • 7016067
  • 14-Jan-2015
  • 14-Jan-2015

Environment

NetIQ Sentinel 7.0
NetIQ Sentinel 7.1
NetIQ Sentinel 7.2
NetIQ Sentinel Log Manager 1.2
NetIQ Security Manager 6.5.4

Situation

The original Poodle vulnerability (CVE-2014-3566) involved SSLv3's inability to properly check the padding bytes after decryption. This led to these bytes not being considered while checking the integrity of a message. 

A new announcement came that there was a Poodle variant re purposed to attack TLS (CVE-2014-8730).

For more information about Sentinel and CVE-2014-3566 'POODLE', see TID#7016068

Resolution

The engineering team has determined that Sentinel, Sentinel Log Manager and Security Manager are not affected by this vulnerability.

This vulnerability is not in the TLS protocol itself but in how it is implemented. The components of Sentinel, Sentinel Log Manager and Security Manager use the following TLS implementations which are not affected by this vulnerability:

Additional Information

For more information about Sentinel and CVE-2014-3566 'POODLE', see TID#7016068

Feedback service temporarily unavailable. For content questions or problems, please contact Support.