Reset Search



KB15475- PCS False Positive titled "Netscape/OpenSSL Cipher Forcing Bug"

« Go Back


Last Modified Date8/1/2015 10:32 PM
Certain web application scanners may trigger this false positive when a Pulse Connect Secure Platform is scanned for vulnerabilities
Problem or Goal
Certain web application scanners like Qualysguard may indicate that the Pulse Connect Secure Platform running PCS OS is at risk due to the vulnerability titled "Netscape/OpenSSL Cipher Forcing Bug" according to which during SSL communication clients may use a weaker cipher suite than what the server allows.

However after systematic investigation it has been found that Pulse Secure's Connect Secure Platform running PCS OS is not vulnerable to this attack.  PCS OS will only allow clients that use the cipher suites configured under "Configuration > Security". 
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255