This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FREAK vulnerability

offn over 10 years ago

Is Sophos UTM 9.3x affected by the FREAK vulnerability?

This thread was automatically locked due to age.

0 apijnappels over 10 years ago

No, as far as I know FREAK only affects web browsers.
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 10 years ago

It is a TLS/SSL vulnerability, not isolated to web browsers.

OpenSSL updated the code in January? I think it was, so any version past 1.0.1k is no longer vulnerable, and I 'believe' that Sophos updated in a previous version.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 10 years ago

In that case I stand corrected.
Cancel
Vote Up 0 Vote Down

Cancel
0 NewImage over 10 years ago

I tested some of my sites behind the WAF and they passed.
FREAK Vulnerability Tester (CVE-2015-0204) - Nagios
https://entrust.ssllabs.com/analyze.html
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 10 years ago

I tested my WAF (port 443, 9.2x) and 2 of my firewalls (port 4444, versions 9.1x and 9.2x) with the Nagios page and it says
OK... PROBABLY NOT VULNERABLE to FREAK

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 maxhq over 10 years ago

Hi,

does anyone know if the Webfilter is vulnerable when doing HTTPS scan?
We use UTM 9.211 and the OpenSSL library is 1.0.1j (vulnerable).
(e.g. UTM version 9.308 uses OpenSSL 1.0.1k and so I guess the web proxy is secure, except if it's using another SSL library).

The question is: when doing HTTPS scan, does the UTM
a) pass through the cipher list from the browser or
b) does it send its own list (containing export grade ciphers)?

In case of b), the SSL connection between server and UTM could be vulnerable even if the browser is updated and has a secure connection to the UTM.

Regards,
Jens
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 10 years ago in reply to maxhq

Hi,

does anyone know if the Webfilter is vulnerable when doing HTTPS scan?
We use UTM 9.211 and the OpenSSL library is 1.0.1j (vulnerable).
(e.g. UTM version 9.308 uses OpenSSL 1.0.1k and so I guess the web proxy is secure, except if it's using another SSL library).

Hi Jens,
fwiw, according to the Nagios URL above, my 9.211 WAF is not vulnerable on port 443 (SSL WAF).

The question is: when doing HTTPS scan, does the UTM
a) pass through the cipher list from the browser or
b) does it send its own list (containing export grade ciphers)?

b. I have the certificates installed on the WAF, so it's doing it's own SSL.

In case of b), the SSL connection between server and UTM could be vulnerable even if the browser is updated and has a secure connection to the UTM.

Vulnerable to internal attacks only.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 maxhq over 10 years ago

Hi Barry,

we have two subjects here: I was talking about the Web Filter, i.e. web proxy that scans all client web traffic. You are talking about the WAF (reverse proxy) that protects own websites.
I agree that the WAF is secure, but I think there might be issues with the web proxy / web filter.

Jens
Cancel
Vote Up 0 Vote Down

Cancel
0 NewImage over 10 years ago

The proxy does not protect clients from the freak attack. They must update their browsers.
I attempted to access a test page (https://freakattack.com/clienttest.html) on my phone and I was vulnerable using the proxy.

I am using a old 9.211-3 though, perhaps fixed in 9.3
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 10 years ago

https://www.sophos.com/en-us/support/knowledgebase/122007.aspx
Cancel
Vote Up 0 Vote Down

Cancel