Welcome to our NEW support portal! We are now One Identity, with a dedicated support site. Learn more.
Is Management Console for Unix affected by the DROWN vulnerability? CVE-2016-0800
'Decrypting RSA with Obsolete and Weakened eNcryption' - DROWN
More information on the DROWN issue can be found at the following links:
Note that this same resolution will also disable SSLv2 and SSLv3.
This vulnerability only affects SSL version 2.
Therefore in order to resolve this issue, the underlying web server (Jetty) should have SSLv2 disabled.
This is done via the jetty.xml file.
On Windows the jetty.xml file will be in this location assuming default install:
C:\Program Files (x86)\Quest Software\Management Console for Unix\etc\jetty.xml
On Unix or Linux it will be in this location:
The file can be edited using notepad or vi.
Afterwards the service will need to be restarted.
On Windows servers:
Start > Run > services.msc find 'Quest One Management Console for Unix' then right click and select Restart.
On Unix or Linux the following command will restart the service:
# /opt/quest/mcu/mcu_service restart