ShadsNZ, posted March 10, 2019 (edited)

A security scan reported vulnerabilities on port 2223 (tcp over SSL) of our ESET appliance server. I understand this port is used for communications between the ERA Web Console and ERA Server itself.

Where can I configure the ciphers used for this service/port? I've previously changed TLS & Cipher settings for the Web Console itself but can't find the relevant area to configure the service on port 2223.

Thanks.

ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
CentOS Linux 7.6.1810

RESULTS:

TLSv1.2 WITH 64-BIT CBC CIPHERS IS SUPPORTED

CIPHER                  KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
DES-CBC3-SHA            RSA           RSA             SHA1  3DES(168)                 MEDIUM
EDH-RSA-DES-CBC3-SHA    DH            RSA             SHA1  3DES(168)                 MEDIUM
ECDHE-RSA-DES-CBC3-SHA  ECDH          RSA             SHA1  3DES(168)                 MEDIUM

Edited March 11, 2019 by ShadsNZ: Version and OS added.

ShadsNZ, posted March 13, 2019

For anyone's future reference, ESET support advised there wasn't a way to modify the ciphers for the service on this port.

So we resolved this issue by removing the firewall rule for port 2223 from the appliance. This will impact server assisted installations but we don't utilise that function.

iptables -S
ip6tables -S
iptables -L -n
ip6tables -L -n
iptables -R INPUT 4 -p tcp --dport 2222 -j ACCEPT
ip6tables -R INPUT 4 -p tcp --dport 2222 -j ACCEPT
iptables -L -n
ip6tables -L -n

Note you need to ensure you replace the correct rule (in our case it was line 4).
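
An added example, not part of the original post and not ESET's own tooling: a way to find which INPUT rule number actually covers port 2223 before running `iptables -R`, instead of assuming it is rule 4. The function name `rule_numbers_for_port` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Locate the rule number(s) in a chain that accept a given TCP destination
# port, from `iptables -S` output, so a later `iptables -R` or `-D` hits the
# intended rule. Hypothetical helper, not part of the appliance.

# rule_numbers_for_port CHAIN PORT   (reads `iptables -S` output on stdin)
# Prints one 1-based rule number per line. Also matches multiport lists
# (--dports 2222,2223) and ranges (--dport 2000:3000).
rule_numbers_for_port() {
    awk -v chain="$1" -v port="$2" '
        function covers(spec, p,    n, parts, i, r) {
            n = split(spec, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, ":") == 2) {
                    if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
                } else if (parts[i] == p) return 1
            }
            return 0
        }
        $1 == "-A" && $2 == chain {
            idx++    # rule numbers count only the -A lines of this chain
            for (f = 3; f < NF; f++)
                if (($f == "--dport" || $f == "--dports") && covers($(f + 1), port)) {
                    print idx
                    break
                }
        }'
}

# Constructed sample of `iptables -S` output (not taken from the appliance).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2223 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,8443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2223 -j ACCEPT'

# Demo on the sample; on a live host use: iptables -S | rule_numbers_for_port INPUT 2223
printf '%s\n' "$SAMPLE_RULES" | rule_numbers_for_port INPUT 2223
```

Run it separately against `ip6tables -S`, since the IPv6 ruleset is numbered independently; `iptables -L INPUT -n --line-numbers` gives the same numbering for a visual cross-check.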

MartinK (ESET Staff), posted March 14, 2019

10 hours ago, ShadsNZ said:
> For anyone's future reference, ESET support advised there wasn't a way to modify the ciphers for the service on this port. So we resolved this issue by removing the firewall rule for port 2223 from the appliance. This will impact server assisted installations but we don't utilise that function.

For future reference -> this is actually a bug in ESMC itself and should be resolved for upcoming releases. In case there would be no issue, weak ciphers would be disabled in the so-called "Advanced security" mode which is available in ESMC's configuration. Those weak ciphers are available only for older ERA Agents connecting from even older operating systems (Windows XP, ...) where no secure algorithms were available in the system.

elikatz, posted May 1, 2019

Does the latest version of ESMC fix this issue? (7.0.72.2)