Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Unresolved
    • Component/s: BenAdmin
    • Labels:
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed

      Description

      Vulnerability Description
      Transport Layer Security (TLS) version 1.0 has been found to contain protocol-level weaknesses.

      Impact
      Given the theoretical nature of attacks on TLS 1.0, supporting TLS 1.0 is not a risk-oriented decision. That being said, history has shown that as cryptographic attacks age, they get stronger (i.e., easier to exploit).

      Verification and Attack Information
      Praetorian verified the TLS v1.0 protocol was enabled on the application server using SSLScan, an automated SSL/TLS scanning tool. The application server accepted the TLS v1.0 protocol, as shown in the images below.

      Recommendation
      Praetorian recommends following Mozilla’s SSL/TLS configuration suggestions (see the references below) as a guide for cipher suite support. These configurations provide high security and high availability to SSL/TLS clients.

      References
      https://mozilla.github.io/server-side-tls/ssl-config-generator/
      https://cipherli.st/
      https://www.wolfssl.com/wolfSSL/Blog/Entries/2010/12/14_A_Comparison_of_TLS_1.1_and_TLS_1.2.html
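
The TLS 1.0 check described under Verification can be repeated after a configuration change with a short probe. The following is an added example, not code from this ticket or from Praetorian's report: it sends a ClientHello that offers TLS 1.0 as its highest version and reports whether the server answers with a ServerHello or an alert. The function names and result strings are this example's own, and the host passed to `probe_tls10` is whatever server you administer.

```python
import os, socket, struct

TLS10 = 0x0301  # wire value for TLS 1.0
# CBC/SHA-1 suites a TLS 1.0 server can pick: ECDHE AES, RSA AES, RSA 3DES
SUITES = (0xC014, 0xC013, 0xC00A, 0xC009, 0x0035, 0x002F, 0x000A)

def _ext(ext_type, data):
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(host):
    """One TLS record holding a ClientHello whose highest version is TLS 1.0."""
    name = host.encode("idna")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = (_ext(0x0000, sni)                               # server_name
            + _ext(0x000A, struct.pack("!HHH", 4, 23, 24))  # groups: P-256, P-384
            + _ext(0x000B, b"\x01\x00"))                    # uncompressed points
    suites = struct.pack("!%dH" % len(SUITES), *SUITES)
    body = (struct.pack("!H", TLS10) + os.urandom(32) + b"\x00"      # version, random, no session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, TLS10, len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first bytes the server sent back."""
    if len(data) < 7:
        return "no-reply"
    if data[0] == 0x15:                       # alert record: level, description
        return "rejected-alert-%d" % data[6]  # 70 = protocol_version
    if data[0] == 0x16 and data[5] == 0x02 and len(data) >= 11:  # ServerHello
        chosen = struct.unpack("!H", data[9:11])[0]
        return "accepted" if chosen == TLS10 else "other-version-0x%04x" % chosen
    return "unexpected"

def probe_tls10(host, port=443, timeout=5.0):
    """Send the ClientHello to host:port and classify the answer."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(host))
            while len(data) < 11:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass
    return classify_reply(data)
```

A result of `accepted` means TLS 1.0 is still enabled; `rejected-alert-70` is the protocol_version alert, while `rejected-alert-40` (handshake_failure) may only mean that none of the offered cipher suites is enabled.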

        Attachments

          Activity

          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Assignee Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) added a comment -

          "IE 8.0 and IE 9.0 compatibility should be removed.
          Business need, As of not to be considered.

          By design"

          vijayendra Vijayendra Shinde (Inactive) made changes -
          Labels Security
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Production Complete(10222)Level 1 values: Closed(10223)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status New Request [ 10029 ] Pending for Approval [ 10002 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Pending for Approval [ 10002 ] Rejected [ 10004 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Rejected [ 10004 ] Closed [ 6 ]
          Transition | Time In Source Status | Execution Times
          New Request -> Pending for Approval (Vijayendra Shinde (Inactive) made transition) | 112d 26m | 1
          Pending for Approval -> Rejected (Vijayendra Shinde (Inactive) made transition) | 4s | 1
          Rejected -> Closed (Vijayendra Shinde (Inactive) made transition) | 2s | 1

            People

            Assignee:
            vijayendra Vijayendra Shinde (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Votes:
            0
            Watchers:
            1

              Dates

              Created:
              Updated: