SSL3.0 Vulnerability - "POODLE" and TPAM (CVE-2014-3566) (4347571)

SSL3.0 Vulnerability - "POODLE" and TPAM (CVE-2014-3566)

A discovered vulnerability in the SSL 3.0 protocol leaves it open to a "man in the middle" attack. According to Microsoft, the vulnerability is not considered high risk due to the fact that hundreds of HTTPS requests would have to be made to allow the attack to be successful.

Please see Microsoft Security Advisory 3009008 for more information.

For additional details on the vulnerability please see CVE-2014-3566 from "Common Vulnerabilities and Exposures".

We suggest disabling SSL 3.0 within client browsers via Group Policy, etc. This is considered best practice in order to protect all systems, and is recommended by Microsoft, as per the article provided above.

Versions of TPAM 2.5.913 and above disable SSL3 by default. In previous versions you can and apply Hotfix_6815 to disable SSL 3.0 in TPAM. 

STATUS

Version 2.5.913+

SSL 3.0 is disabled.

Version 2.5.904 - 2.5.912

Hotfix_6815

This hotfix removes SSL 3.0 as a valid protocol in TPAM web service. Additionally, TLSv1.1 & TLSv1.2 have been enabled.

Key:P6wCsqmsc5
Option:/genkey

Please note that a restart of the appliance is required following the application of the hotfix.

Version 2.3.x and 2.4.x