03-26-2013 12:23 PM
Hello, looking for some guidance here...
Have multiple RV082 v3's running the latest code level (RV0XX-v4.2.1.02-20120118-code)
and they are being scanned from the corporate side, and they are telling me there is a "SSL Server Allows Cleartext Communication Vulnerability".
I've tried a couple things but the vulnerability keeps reappearing on the scans.
They recently passed this info along to me which sounds like a firmware concern.
Here are the ciphers currently accepted. The ADH ones are the cause of the problem, since ADH stands for "Anonymous Diffie Hellman"
Testing SSL server x.x.x.x on port 443
Supported Server Cipher(s):
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted SSLv3 256 bits ADH-AES256-SHA
Accepted SSLv3 256 bits ADH-CAMELLIA256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 256 bits CAMELLIA256-SHA
Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits ADH-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits ADH-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Looking for some guidance on where the problem might be.
Thanks.
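The scanner's reasoning is in the suite names: in OpenSSL naming, ADH-* (and AECDH-*) suites use an unauthenticated key exchange, so the connection is encrypted but no certificate is presented and any on-path attacker can impersonate the server. The script below is an added example, not code from the original post or from Cisco; it parses sslscan-style output in the layout quoted above (the sample lines embedded in it are constructed, not a real scan of the device), separates the anonymous-key-exchange suites from the legacy-protocol ones, and builds the openssl s_client command for re-checking a host after a change without waiting for the next corporate scan. The host name x.x.x.x and port 443 in the sample are placeholders carried over from the post.

```python
"""Flag anonymous (ADH/AECDH) and legacy-protocol cipher suites in sslscan-style output."""
import re

# Constructed sample in the same layout as the sslscan output quoted in the post.
SAMPLE_SCAN = """\
Testing SSL server x.x.x.x on port 443
Supported Server Cipher(s):
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits ADH-AES256-SHA
Accepted SSLv3 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
"""

# One "Accepted <proto> <bits> bits <suite>" line, as printed by sslscan.
LINE_RE = re.compile(
    r"^\s*(?:Accepted|Preferred)\s+(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?)"
    r"\s+(?P<bits>\d+)\s+bits\s+(?P<suite>\S+)"
)

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}


def parse_scan(text):
    """Return a list of (protocol, bits, suite) tuples for every accepted suite."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            suites.append((m["proto"], int(m["bits"]), m["suite"]))
    return suites


def is_anonymous(suite):
    """True for suites whose key exchange is unauthenticated (OpenSSL's aNULL class).

    OpenSSL names them ADH-* (anonymous DH) and AECDH-* (anonymous ECDH). The
    traffic is still encrypted, but with no server certificate in the handshake
    an on-path attacker can stand in for the server, which is why scanners treat
    them as equivalent to cleartext.
    """
    return suite.startswith(("ADH-", "AECDH-"))


def audit(suites):
    """Map each problem class to the list of 'proto suite' strings exhibiting it."""
    findings = {"anonymous_key_exchange": [], "legacy_protocol": []}
    for proto, _bits, suite in suites:
        if is_anonymous(suite):
            findings["anonymous_key_exchange"].append(f"{proto} {suite}")
        if proto in LEGACY_PROTOCOLS:
            findings["legacy_protocol"].append(f"{proto} {suite}")
    return findings


def verification_command(host, port=443):
    """Build an openssl s_client call restricted to anonymous suites.

    The handshake completes only if the server still accepts an ADH/AECDH
    suite; a failed handshake means the finding has been cleared.
    """
    return f"openssl s_client -connect {host}:{port} -cipher aNULL </dev/null"


if __name__ == "__main__":
    result = audit(parse_scan(SAMPLE_SCAN))
    for problem, hits in result.items():
        print(f"{problem}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
    print("re-test with:", verification_command("x.x.x.x"))
```

Run it against a saved sslscan report by reading the file into parse_scan instead of SAMPLE_SCAN. Note that forwarding port 443 elsewhere, as suggested below, makes the listener unreachable rather than removing the suites, so the verification command above is the simplest way to confirm what a scanner actually sees from a given vantage point.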
03-26-2013 12:41 PM
Hi Chris,
I think the router supports SSLv2, which causes it to fail some security audits. If I recall correctly, the workaround is to forward port 443 to a non-existent IP address on the LAN. That way, when there is a scan, there is no response.
03-28-2013 11:56 AM
Great information, thank you! Any guidance or documentation on how to implement the workaround?
Thanks!