|Applies To||RSA Product Set: RSA ECAT|
RSA Version/Condition: 3.5.x, 4.0.x
O/S Version: Windows 7, Windows 8, Windows Server 2003, Windows Server 2008
Vulnerability ID: CVE-2014-3566
For a complete list of affected versions of Microsoft Windows, refer to the Microsoft Security Advisory 3009008.
|Issue||ECAT runs on Microsoft Windows and is vulnerable to the POODLE vulnerability (CVE-2014-3566) unless steps are taken to disable the use of SSLv3.|
Windows XP Service Pack 3 is the minimum version of Windows required to run ECAT. Because TLS 1.0 support was introduced in Windows XP Service Pack 3, you can safely disable SSLv3 in the operating system with no impact to ECAT functionality.
|Resolution||To mitigate the effects of POODLE, disable the use of SSLv3 by detailed in the Microsoft knowledgebase article 245030.|
|Notes||For additional information on how the POODLE vulnerability affects all RSA products, refer to the knowledgebase article Poodle Bite Sandworm .Net MS14-057 OpenSSL Vulnerabilities and Impact in RSA products.|