OpenSSL 1.0.2o-fips

Path Finder

Running Splunk Enterprise Version: 7.2.0 Build: 8c86330ac18 on Windows Server 2012R2.

Ran Nessus Professional Version 8.0.1 (#155) WINDOWS scan and received this low risk finding:

     OpenSSL AES-NI Padding Oracle MitM Information Disclosure
     "It was possible to obtain sensitive information from the remote host
     with TLS-enabled services."    
    "The remote host is affected by a man-in-the-middle (MitM) information
     disclosure vulnerability due to an error in the implementation of
     ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256.
     The implementation is specially written to use the AES acceleration
     available in x86/amd64 processors (AES-NI). The error messages
     returned by the server allow allow a man-in-the-middle attacker to
     conduct a padding oracle attack, resulting in the ability to decrypt
     network traffic."  
     Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later.

Checked OpenSSL version like this:

      E:\Splunk\bin>splunk cmd openssl version
      OpenSSL 1.0.2o-fips  27 Mar 2018

If I'm already using OpenSSL 1.0.2o-fips why is the vulnerability still there?

0 Karma

Path Finder

I should add that this is CVE-2016-2107.

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...