Software security scanner reports 'SSL Server Allows Anonymous Authentication' or 'SSL Anonymous Cipher Suites supported' with PowerChute Business Edition.
PowerChute Business Edition
All supported OS
PowerChute Agent uses an anonymous cipher suite for the initial connection only. All subsequent communication between the PowerChute Business Edition Agent and Server components is secured using only strong cipher suites. If the client doesn't meet this challenge and respond using the appropriate cipher suite, the connection is killed.
To avoid this issue in your scan results, you can disable communication between the PowerChute Business Edition Agent and Server by following the steps below.
NOTE: If you disable communication between the Agent and Server, you will need to use your web browser to monitor the Agent. The Console will no longer be able to monitor or communicate with the Agent.
1 - Stop the PBE Agent service or daemon.
To do this on a supported Windows operating system, go to Control Panel, Administrative Tools, Services and stop APC PBE Agent.
To do this on a supported Linux OS, go to /etc/rc2.d and stop S99PBEAgent.
2 - Locate the comps.m11 file in the PowerChute agent installation directory. The default path for Windows systems is C:\Program Files\APC\PowerChute Business Edition\agent.
For Linux the path is /opt/APC/PowerChuteBusinessEdition/Agent
3 - Make a copy of the comps.m11 file.
4 - Edit the comps.m11 file and remove the following 2 lines using a text editor and save the file.
5 - Restart the PBE Agent service or daemon.
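
To confirm the scan finding before the change and its absence after step 5, a TLS client that offers only anonymous cipher suites can be pointed at the Agent's listening port. The following is an added example, not APC code; the host and port are supplied by you (the Agent's port is not given in this article), and the function names are hypothetical.

```python
import socket
import ssl
import sys

def is_anonymous_suite(name):
    """True for anonymous key-exchange suites, by OpenSSL name (ADH-*, AECDH-*)
    or IANA name (TLS_DH_anon_*, TLS_ECDH_anon_*), as printed by scanners."""
    n = name.upper()
    return n.startswith(("ADH-", "AECDH-")) or "_ANON_" in n

def anon_only_context():
    """Client context that offers nothing but anonymous (aNULL) suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # anonymous suites carry no certificate
    ctx.verify_mode = ssl.CERT_NONE
    # TLS 1.3 defines no anonymous suites; cap the version so that no
    # authenticated TLS 1.3 suite is offered alongside the aNULL list.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError if the local OpenSSL build has no aNULL suites.
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    return ctx

def probe_anonymous(host, port, timeout=5.0):
    """Return the negotiated suite name if the endpoint completes an
    anonymous handshake, or None if it refuses, resets or is closed.
    Python's default minimum protocol version still applies, so an
    endpoint limited to older protocol versions also yields None."""
    ctx = anon_only_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.cipher()[0]
    except OSError:                     # includes ssl.SSLError and timeouts
        return None

if __name__ == "__main__":
    # Usage: python probe.py <agent-host> <agent-port>
    suite = probe_anonymous(sys.argv[1], int(sys.argv[2]))
    if suite:
        print("anonymous handshake accepted:", suite)
    else:
        print("no anonymous handshake completed")
```

Run it against the Agent host before step 1 and again after step 5; the second run should report that no anonymous handshake completed.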