Are NetBotz appliances vulnerable to the "Freak" exploit (CVE-2015-0204)?

Issue:

Are NetBotz appliances vulnerable to the "Freak" exploit (CVE-2015-0204)?

Product Line:

NetBotz

Environment:

NetBotz version 2 and 3

Cause:

CVE-2015-0204
Severity: Low

An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.

Resolution:

For FREAK to be exploited, the following are needed:

A broken or old browser
A server that supports EXPORT algorithms
A successful man-in-the-middle attack

We recommend that customers check their browser versions and make sure they are running versions that are not affected. Without an affected browser, this attack is not possible. The browser should not have a buggy TLS library and should not accept EXPORT algorithms (or other weak ciphers).

On the server side, this issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
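
To check an inventory against the fixed releases listed above, the following added example (not part of the original FAQ or any vendor tooling) classifies OpenSSL version strings, including multi-letter suffixes such as "zd". The host names and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed releases exactly as listed in the FAQ: branch -> first patched suffix.
FIXED = {"1.0.1": "k", "1.0.0": "p", "0.9.8": "zd"}

# Matches pre-3.0 OpenSSL versions such as "1.0.1e" or "0.9.8zd".
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)\b")


def parse_version(text):
    """Return (branch, letters) from a version string or version banner."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return match.group(1), match.group(2)


def patch_key(letters):
    """Order suffixes as OpenSSL issued them: '' < a < ... < z < za < zb."""
    return (len(letters), letters)


def freak_status(text):
    """Classify a version against the FAQ's fixed releases for CVE-2015-0204."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown-branch"  # branch not listed in the FAQ; check separately
    return "patched" if patch_key(letters) >= patch_key(fixed) else "vulnerable"


def audit(inventory):
    """Map host -> status for an iterable of (host, banner) pairs."""
    return {host: freak_status(banner) for host, banner in inventory}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and banners).
    sample = [
        ("web-01", "OpenSSL 1.0.1e-fips"),
        ("web-02", "OpenSSL 1.0.1k"),
        ("legacy-01", "OpenSSL 0.9.8zc"),
        ("legacy-02", "OpenSSL 0.9.8zd"),
    ]
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

A version string is only a first-pass indicator: distribution-packaged OpenSSL builds may backport the fix without changing the letter suffix, so confirm against the package changelog.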

Version 3 NetBotz will be updated with the newer version of OpenSSL to resolve this issue in version 4.5 of the NetBotz (Botzware) firmware.
Version 2 NetBotz will not be updated.

Please contact NetBotz technical support in your region if you have further questions.
 