[NMS-13845] TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: Meridian-2021.1.3
Fix Version/s: Meridian-2021.1.12, Meridian-2022.1.0, 29.0.7
Component/s: None
Security Level: Default (Default Security Scheme)
Labels:
- quickwin
- security-low

Sprint:
Horizon 22 - Feb 2 - Feb 16, Horizon 22 - Feb 16 - Mar 2
HB Backlog Status:
NB

Description

Vulnerability Description: The SSL/TLS service uses Diffie-Hellman groups with insufficient strength i.e., key size less than 2048 bits.

Evidence: rpc12620.corp.ncr.com

Impact: An attacker might be able to decrypt the SSL/TLS communication offline.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2021-12-10-11-48-37-614.png
23 kB
10/Dec/21 6:18 AM
jetty.xml congiguration for HTTPS.png
9 kB
11/Feb/22 6:35 PM

Issue Links

related to

NMS-13931 NCR Pentest report

Open

mentioned in: Page Loading...

Activity

People

Assignee:: Alberto

Reporter:: Gaurav Pande

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Dec/21 6:19 AM

Updated:: 17/Mar/22 8:05 PM

Resolved:: 22/Feb/22 7:41 PM

HB Grooming Date:: 14/Dec/21