ePolicy Orchestrator Sustaining Statement (SSC1506021) - Logjam attack vulnerability
Last Modified: 2023-08-14 10:52:58 Etc/GMT
Technical Articles ID: KB84878
Environment
ePolicy Orchestrator (ePO) 5.x
Summary
This document describes the support position of Sustaining Engineering relative to our applications.

Overview
This document addresses concerns about ePO and the Logjam attack vulnerability. See CVE-2015-4000 for details.

Description
We've received two notices dealing with the
Initial Notice:
Second Notice: Threats from state-level adversaries. Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed that it was safe, as long as new key exchange messages were generated for every connection. But, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections. Engineering carried out this computation against the most common 512-bit prime used for TLS and demonstrated that the

Research and Conclusions
At the time of the initial vulnerability announcement, the ePO team performed a collaborative risk assessment and determined that ePO was not affected by this issue. The original reason was due to exceeding the <512-bit export grade cryptography initially identified.

ePO versions that are vulnerable
Upon the second revision and risk assessment, it was concluded that ePO is vulnerable based on the new criteria for state-level adversaries. The ePO team has upgraded the version of OpenSSL and bit-grade cryptography for:
NOTE: All ePO versions named above have reached End of Life.

ePO versions that aren't vulnerable
ePO 5.10.x and ePO 5.9.x are not affected.

Disclaimer
Any future product release dates mentioned in this statement are intended to outline our general product direction and mustn't be relied on in making a purchasing decision:
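
Added example (not part of the original article and not vendor code): because the costly first step described in the Description depends only on the prime, an audit should record both the size of each server's Diffie-Hellman prime and which servers share one. The sketch below parses the ServerDHParams structure from a TLS ServerKeyExchange message; the host names, the sample values, the helper names and the 1024-bit cutoff (taken from the published Logjam research, not from this article) are assumptions.

```python
import hashlib
import struct
from collections import defaultdict

def parse_server_dh_params(body: bytes):
    """Parse TLS ServerDHParams: dh_p, dh_g, dh_Ys, each a 2-byte length + big-endian bytes."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from(">H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)

def grade(bits: int) -> str:
    if bits <= 512:
        return "export-grade"      # 512-bit: the prime size the page's computation targeted
    if bits <= 1024:
        return "state-level-risk"  # assumption: 1024-bit cutoff from the Logjam research
    return "ok"

def audit(observations):
    """Map host -> (prime bits, grade, prime fingerprint); also list hosts sharing a prime."""
    findings, by_prime = {}, defaultdict(list)
    for host, body in observations.items():
        p = parse_server_dh_params(body)[0]
        fp = hashlib.sha256(hex(p).encode()).hexdigest()[:16]
        findings[host] = (p.bit_length(), grade(p.bit_length()), fp)
        by_prime[fp].append(host)
    shared = sorted(sorted(hosts) for hosts in by_prime.values() if len(hosts) > 1)
    return findings, shared

def encode_params(*ints):
    """Build a constructed ServerDHParams body (demo input only)."""
    raws = [i.to_bytes((i.bit_length() + 7) // 8, "big") for i in ints]
    return b"".join(struct.pack(">H", len(r)) + r for r in raws)

# Constructed sample data: odd numbers of the right size, not real primes or real hosts.
P512, P1024, P2048 = (1 << 511) | 1, (1 << 1023) | 1, (1 << 2047) | 1
SAMPLE = {
    "a.example": encode_params(P1024, 2, 5), "b.example": encode_params(P1024, 2, 7),
    "c.example": encode_params(P512, 2, 3), "d.example": encode_params(P2048, 2, 3),
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts that appear together in the shared list use the same prime, so they stand or fall together regardless of the fresh key exchange values generated per connection.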