000028901 - How to remediate the impact of the POODLE vulnerability on RSA ECAT

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000028901
Applies To
RSA Product Set:  RSA ECAT
RSA Version/Condition:  3.5.x, 4.0.x
O/S Version:  Windows 7, Windows 8, Windows Server 2003, Windows Server 2008
Vulnerability ID:  CVE-2014-3566
For a complete list of affected versions of Microsoft Windows, refer to the Microsoft Security Advisory 3009008.
Issue
ECAT runs on Microsoft Windows and is vulnerable to the POODLE vulnerability (CVE-2014-3566) unless steps are taken to disable the use of SSLv3.
Windows XP Service Pack 3 is the minimum version of Windows required to run ECAT.  Because TLS 1.0 support was introduced in Windows XP Service Pack 3, you can safely disable SSLv3 in the operating system with no impact to ECAT functionality.

Resolution
To mitigate the effects of POODLE, disable the use of SSLv3 as detailed in the Microsoft knowledgebase article 245030.
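The Schannel registry change for SSL 3.0, written as an added PowerShell example; it is not RSA's or Microsoft's script. The function names, and the choice to set DisabledByDefault alongside Enabled, are assumptions of this example. Run it from an elevated prompt and restart Windows for Schannel to pick up the change.

```powershell
# Added example: audit and disable SSL 3.0 in Windows Schannel.
# Function names are hypothetical; the registry path is the standard Schannel protocol key.
$Ssl3Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0'

function Get-Ssl3State {
    # Report the current values for both roles. A missing value means the
    # OS default applies, which on the affected versions leaves SSL 3.0 usable.
    foreach ($role in 'Server', 'Client') {
        $key   = Join-Path $Ssl3Base $role
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $enabled  = 'not set'
        $disabled = 'not set'
        if ($props -and $null -ne $props.Enabled)           { $enabled  = $props.Enabled }
        if ($props -and $null -ne $props.DisabledByDefault) { $disabled = $props.DisabledByDefault }
        New-Object PSObject -Property @{
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $disabled
        }
    }
}

function Disable-Ssl3 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $Ssl3Base $role
        if ($PSCmdlet.ShouldProcess($key, 'Set Enabled=0, DisabledByDefault=1')) {
            # Create the key only if absent so existing values are not wiped.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-Ssl3State | Format-Table Role, Enabled, DisabledByDefault -AutoSize   # before
Disable-Ssl3 -WhatIf      # preview only; rerun without -WhatIf to apply
Get-Ssl3State | Format-Table Role, Enabled, DisabledByDefault -AutoSize   # after
```

After applying and restarting, both roles should report Enabled 0 and DisabledByDefault 1.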
Notes
For additional information on how the POODLE vulnerability affects all RSA products, refer to the knowledgebase article Poodle Bite Sandworm .Net MS14-057 OpenSSL Vulnerabilities and Impact in RSA products.