Technical FAQs

Ask a Question

PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Issue: 
PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Product Line:
PowerChute Network Shutdown (PCNS) version 4.2

Environment:
All supported OS

Cause:
 PCNS 4.2 supports the following ciphers (you can see this by running an SSLScan on port 6547):

Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA

The DES-CBC3-SHA cipher is the one which is getting flagged by PCI security compliance for CVE-2016-2183


Solution:

You can disable the use of this cipher as follows:

On Windows

1. Stop the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net stop pcns1

2. In the PowerChute Network Shutdown JRE folder located in (C:\Program Files\APC\PowerChute\jre_x64), open the file lib\security\java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net start pcns1

On Linux

1. Stop the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute stop

2. In the PowerChute Network Shutdown JRE folder located in (/opt/APC/PowerChute/jre1.8.0_91), open the file /lib/security/java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute start

Was this helpful?
What can we do to improve the information ?