000028901 - How to remediate the impact of the POODLE vulnerability on RSA Endpoint

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Oct 21, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000028901
Applies ToRSA Product Set:  RSA ECAT / RSA Endpoint
RSA Version/Condition:  4.4.x
O/S Version:  Windows 7, Windows 8, Windows Server 2003, Windows Server 2008
Vulnerability ID:  CVE-2014-3566

For a complete list of affected versions of Microsoft Windows, refer to the Microsoft Security Advisory 3009008.
IssueRSA ECAT / RSA Endpoint runs on Microsoft Windows and is vulnerable to the POODLE vulnerability (CVE-2014-3566) unless steps are taken to disable the use of SSLv3.

Windows 2008 R2 is the minimum version of Windows required to run Endpoint.
Where TLS 1.0 support was introduced in Windows XP Service Pack 3, you can safely disable SSLv3 in the operating system with no impact to Endpoint functionality.

ResolutionTo mitigate the effects of POODLE, disable the use of SSLv3 by following the detailed instructions in the Microsoft knowledgebase article 245030.
NotesFor additional information on how the POODLE vulnerability affects all RSA products, refer to the knowledgebase article Poodle Bite Sandworm .Net MS14-057 OpenSSL Vulnerabilities and Impact in RSA products.