The Bar Mitzvah attack and its impact on eDirectory: CVE-2015-2808

  • 7017143
  • 12-Jan-2016
  • 08-Feb-2016

Environment

NetIQ eDirectory
NetIQ iManager 2.7.7

Situation

The "Bar Mitzvah" attack is another exploit of the known weaknesses of old algorithms, in this case RC4. The weak keys in RC4 could allow an attacker to recover plaintext from previously captured encrypted traffic.

Therefore, a server is only vulnerable if RC4-based ciphers are in use. The vulnerability exists because the RC4 algorithm is still available in the cipher suites offered by the TLS protocol.

Resolution

In order to protect eDirectory LDAP server traffic, the bind restrictions must be set to HIGH on the LDAP Server object.

When set to HIGH, the server will no longer accept the RC4 algorithm. This is done by adding a value of 48 to the bind restrictions attribute. For more information, please refer to the eDirectory 8.8 Admin Guide, section "Configuring LDAP Services for NetIQ eDirectory".
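One way to prepare that change as an LDIF modification for ldapmodify, as an added example that is not part of the article or of eDirectory itself. It assumes the attribute is named ldapBindRestrictions and is a bit-mask, so "adding 48" means setting bits 16 and 32 rather than arithmetic addition; the server DN and current value are constructed sample data.

```python
# Added example (not from the NetIQ article): produce an LDIF 'modify' that raises
# the LDAP Server object's bind restrictions to HIGH using the value 48 named in
# the article. Assumptions, labelled: the attribute name ldapBindRestrictions and
# its bit-mask semantics. Treating it as a bit-mask keeps the change idempotent:
# arithmetically adding 48 to an already-hardened server would corrupt the value.

HIGH_BITS = 48  # value from the article; 0x30 = bits 16 and 32


def harden_value(current: int) -> int:
    """Return the bind restrictions value with the HIGH bits set (idempotent)."""
    if current < 0:
        raise ValueError("bind restrictions must be a non-negative integer")
    return current | HIGH_BITS


def is_high(value: int) -> bool:
    """True when every bit of the HIGH setting is already present in value."""
    return value & HIGH_BITS == HIGH_BITS


def ldif_modify(server_dn: str, current: int) -> str:
    """Build an LDIF 'replace' entry that an administrator can feed to ldapmodify."""
    new_value = harden_value(current)
    return (
        f"dn: {server_dn}\n"
        "changetype: modify\n"
        "replace: ldapBindRestrictions\n"
        f"ldapBindRestrictions: {new_value}\n"
        "-\n"
    )


if __name__ == "__main__":
    # Constructed sample: an LDAP Server object whose attribute already carries
    # an unrelated low bit, which must survive the change.
    sample_dn = "cn=LDAP Server - srv1,ou=servers,o=example"
    current_value = 1
    print(ldif_modify(sample_dn, current_value))
    print("HIGH after change:", is_high(harden_value(current_value)))
```

Check the resulting value afterwards with an LDAP search of the same object; is_high() tells you whether both bits are present.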