×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
I just reported this CERT advisory to the IBMi team on IBMi 7.3 and first
response is that it does not impact IBMi?
The CERT advisory recommends that you apply a vendor patch or you disable
ALL RSA ciphers.
Obviously this will cause issues with TLS connections.
I am already seeing this vulnerability show up on our vulnerability
scanning reports.
I also noticed that when running an SSL test with SSLLabs (
https://www.ssllabs.com/ssltest/)
our web servers, effective 2-1-18, SSL Labs will downgrade the TLS/SSL
ratings to an "F".
Anyone else seeing similar issues?
Jim
Cert Info:
CERT Coordination Center (CERT/CC) has released information on a Transport
Layer Security (TLS) vulnerability. Exploitation of this vulnerability
could allow an attacker to access sensitive information.
The TLS vulnerability is also known as Return of Bleichenbacher's Oracle
Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary
to decrypt TLS traffic under certain conditions. Mitigations include
installing updates to affected products as they become available. US-CERT
encourages users and administrators to review CERT/CC Vulnerability Note
VU #144389.
http://www.kb.cert.org/vuls/id/144389
More information here:
https://robotattack.org/
Jim W Grant
Senior VP, Chief Information Officer
Web: www.pdpgroupinc.com
midrange.com
