|Applies To||Authentication Manager Express / AMX 1.0|
|Issue||AMX 1.0 hotfix for CVE-2014-3566/POODLE - manual instructions|
AMX Hotfix for:
AM-28570 - Limits certain ports used for https browser connections to use only TLSv1. Addresses the POODLE vulnerability (CVE-2014-3566) associated with padding in messages encrypted by CBC ciphers under SSLv3. This fix must be applied to all primary and replica systems.
CVE-2014-3566 is a medium-low level vulnerability (CVSSv2 score 4.3). Exploitation requires that the victim voluntarily interact with a man-in-the-middle attacker, which allows the attacker to alter the padding in messages sent via SSLv3 with CBC cipher encryption.
|Resolution||To apply the hotfix which adds a restriction requiring TLSv1 on certain ports for AMX -|
providing the required password when requested, to become the “rsaadmin” user.
cp BiztierServerWrapper.conf BiztierServerWrapper.conf-ORIG
cp ConsoleServerWrapper.conf ConsoleServerWrapper.conf-ORIG
For each of the above files, locate the line beginning with “wrapper.java.additional.” that currently has the largest number following this prefix. Directly after that line, add a new line that starts in the first column. The new line will have the form:
chmod 755 AdminServerWrapper.conf BiztierServerWrapper.conf ConsoleServerWrapper.conf
./rsaserv start all
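The locate-and-append step described above, as an added shell example that is not part of the hotfix instructions. It assumes the Java Service Wrapper property syntax `wrapper.java.additional.<n>=<JVM argument>`; the function names, the sample file and the `-Dplaceholder.option=VALUE` argument are placeholders standing in for the line given in the hotfix.

```shell
#!/bin/sh
# Added example. Function names and the JVM option used in the demo are
# placeholders, not values taken from the hotfix instructions.

# Print the largest N among column-one "wrapper.java.additional.N=" lines.
# Compared numerically, so .10 outranks .9; commented-out lines are ignored.
highest_additional_index() {
    awk -F'[.=]' '/^wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
        if ($4 + 0 > max) max = $4 + 0
    } END { print max + 0 }' "$1"
}

# Add "wrapper.java.additional.<max+1>=<option>" right after the entry with
# the largest number. Requires the <file>-ORIG backup; no-op if already set.
add_additional_option() {
    conf=$1; option=$2
    [ -f "$conf-ORIG" ] || { echo "missing backup $conf-ORIG" >&2; return 1; }
    awk -v opt="$option" '/^wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
        v = $0; sub(/^[^=]*=/, "", v); if (v == opt) found = 1
    } END { exit !found }' "$conf" && return 0
    max=$(highest_additional_index "$conf")
    [ "$max" -gt 0 ] || { echo "no additional.N entries in $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -F'[.=]' -v max="$max" -v opt="$option" '
        { print }
        /^wrapper\.java\.additional\.[0-9]+[ \t]*=/ && $4 + 0 == max && !added {
            printf "wrapper.java.additional.%d=%s\n", max + 1, opt; added = 1
        }' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed file (not a real AMX configuration).
demo_dir=$(mktemp -d)
cat > "$demo_dir/Sample.conf" <<'EOF'
wrapper.java.additional.1=-Xms256m
wrapper.java.additional.9=-Dconstructed.a=1
#wrapper.java.additional.99=-Dconstructed.disabled=1
wrapper.java.additional.10=-Dconstructed.b=2
wrapper.app.parameter.1=constructed
EOF
cp "$demo_dir/Sample.conf" "$demo_dir/Sample.conf-ORIG"
add_additional_option "$demo_dir/Sample.conf" "-Dplaceholder.option=VALUE"
cat "$demo_dir/Sample.conf"
```

Running `diff` between each edited file and its `-ORIG` copy before restarting the services should show exactly one added line per file.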