Authentication Manager

Customers report that their scanning software generated a report suggesting that Authentication Manager is showing one or more OpenSSL vulnerabilities.

This article provides information on Authentication Manager and OpenSSL.

SUSE Enterprise Linux (SLES) uses OpenSSL to handle security protocols and encryption across applications and services. OpenSSL is a critical component for ensuring secure data transfer, authentication, and encryption across applications in SLES. It is included and installed by default as part of the operating system’s core packages/base installation. SUSE regularly provides patches and updates for OpenSSL to address vulnerabilities, ensuring compliance with security standards and protecting against emerging threats.

To view OpenSSL versions included with different SLES releases, refer to the SUSE knowledge base here. You can also consult release notes for specific SLES versions in SUSE’s official documentation at https://documentation.suse.com/.

If your scanning tool or report indicates a potential OpenSSL vulnerability in Authentication Manager, you can verify the OpenSSL version and dependencies by following these steps:

1. SSH into the server as the rsaadmin user.
2. Once logged in, elevate privileges to root by running the command: sudo su -.
3. Run zypper info openssl to get the SLES component version information.
4. To list all dependencies, use zypper info --requires openssl or rpm -qR openssl.

Note: The output of the openssl version command only provides the publicly declared version of the tool for interface compatibility.

RSA regularly releases updates for SLES and other components. Keeping your system up to date is crucial for security. For further queries, please contact customer support.