Is HP Network Automation affected by FREAK and LogJam vulnerability?

Document ID:KM01742614
Creation Date:17-Jul-2015
Modified Date:15-Oct-2015
- Micro Focus Products:
  network automation

Summary

This article list the details about Network Automation, FREAK and LogJam vulnerability.

Question

The following Network Automation versions are affected by FREAK and LogJam vulnerability:

- NA 9.1x
- NA 9.20
- NA 9.21

Newer versions use a higher Java version and are not deemed to be affected by FREAK and LogJam (based upon the official definitions of these vulnerabilities).

FREAK and LogJam occur because export cyphers deemed to be of weak or medium security are available. This situation is commonly identified by a security scan.

The fix is to apply the latest version of the NA patch (or to upgrade to NA 10.xx) to upgrade the Java version used by NA. This Java version disables the use of export cyphers.

Additionally, for LogJam, there is a second issue regarding DH groups, sometimes referred to by web browsers as ephemeral keys. The result of this issue is the potential loss of web browser connectivity based upon the length of the available ephemeral keys. The official definition of LogJam specifies that keys of fewer than 512 bits are affected. Newer web browser versions require the use of 1024-bit epheremal keys.

For this second LogJam issue, see Method 2 in the specification for Mozilla Firefox (https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01733196).

As of this publication date, Microsoft Internet Explorer is not known to be impacted.

Answer

How to fix the FREAK and LogJam vulnerability in NA 9.1x?

You must upgrade to Network Automation 10.x and is recommend to install the latest available patch of NA.

If upgrading to NA 10.x is not possible, then upgrade from NA 9.1x to NA 9.20 and then follow the instructions below for NA 9.20.

How to fix the FREAK and LogJam vulnerability in NA 9.20?

The latest available patch of NA 9.20 must be installed. At the moment of writing this document the latest patch is 9.22.02.

Install NA 9.22.02 patch:

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01514575

For more information, see the following documents:

NA 9.22.02 Security Configuration Guide (https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/KM01512941)
NA 10.00.01 Security Configuration Guide (https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01512943)
NA 10.10 Hardening Guide (https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01574422)