Is NAM sesceptible to Cross-protocol attack on TLS using SSLv2 (DROWN)

  • 7017317
  • 01-Mar-2016
  • 01-Mar-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0

Situation

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.  Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting

SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).

Is NAM susceptible to this attack?

Resolution

Make sure that the SSLv2 protocol is disabled - it should be as a best practice. The following doc outlines the changes needed to get a secure environment with NAM, as well as disabling SSLv2 and export level ciphers - https://www.netiq.com/communities/cool-solutions/howto-get-an-a-rating-for-access-manager-against-ssl-labs/