Reset Search
 

 

Article

KB15475- PCS False Positive titled "Netscape/OpenSSL Cipher Forcing Bug"

« Go Back

Information

 
Last Modified Date8/1/2015 10:32 PM
Synopsis
Certain web application scanners may trigger this false positive when a Pulse Connect Secure Platform is scanned for vulnerabilities
Problem or Goal
Cause
Solution
Certain web application scanners like Qualysguard may indicate that the Pulse Connect Secure Platform running PCS OS is at risk due to the vulnerability titled "Netscape/OpenSSL Cipher Forcing Bug" according to which during SSL communication clients may use a weaker cipher suite than what the server allows.

However after systematic investigation it has been found that Pulse Secure's Connect Secure Platform running PCS OS is not vulnerable to this attack.  PCS OS will only allow clients that use the cipher suites configured under "Configuration > Security". 
 
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255