BugZero found this defect 951 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
10/13/2021
AuthPoint
All
AuthPoint
All
The AuthPoint Gateway uses TCP ports 9000-9003 for communication between the different AuthPoint Gateway components. Network security scans might detect these service ports as insecure because they allow TLS 1.0 or TLS 1.1 connections.
Protocols and ciphers allowed by the AuthPoint Gateway come from Java. Most versions of Java 8 and Java 11 allow TLS 1.0 and TLS 1.1 by default. You can disable support for TLS 1.0/TLS 1.1 from the JRE. To disable support for TLS 1.0\TLS 1.1 in Java: Find the java.security configuration file. Based on which version of Java is installed, this file will be in one of these locations: Java 8: %JAVA_HOME%/jre/lib/security/java.securityJava 11: %JAVA_HOME%/conf/security/java.security Open the java.security file, and locate the jdk.tls.disabledAlogrithms line.Add TLSv1 and TLSv1.1 to the comma separated list of values. Before:jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL After:jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL After you update and save the java.properties file, restart the AuthPoint Gateway services so that the change takes effect.