No, as far as I know FREAK only affects web browsers.
Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
It is a TLS/SSL vulnerability, not isolated to web browsers.
OpenSSL updated the code in January? I think it was, so any version past 1.0.1k is no longer vulnerable, and I 'believe' that Sophos updated in a previous version.
Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
I tested my WAF (port 443, 9.2x) and 2 of my firewalls (port 4444, versions 9.1x and 9.2x) with the Nagios page and it says OK... PROBABLY NOT VULNERABLE to FREAK
does anyone know if the Webfilter is vulnerable when doing HTTPS scan? We use UTM 9.211 and the OpenSSL library is 1.0.1j (vulnerable). (e.g. UTM version 9.308 uses OpenSSL 1.0.1k and so I guess the web proxy is secure, except if it's using another SSL library).
The question is: when doing HTTPS scan, does the UTM a) pass through the cipher list from the browser or b) does it send its own list (containing export grade ciphers)?
In case of b), the SSL connection between server and UTM could be vulnerable even if the browser is updated and has a secure connection to the UTM.
does anyone know if the Webfilter is vulnerable when doing HTTPS scan? We use UTM 9.211 and the OpenSSL library is 1.0.1j (vulnerable). (e.g. UTM version 9.308 uses OpenSSL 1.0.1k and so I guess the web proxy is secure, except if it's using another SSL library).
Hi Jens, fwiw, according to the Nagios URL above, my 9.211 WAF is not vulnerable on port 443 (SSL WAF).
The question is: when doing HTTPS scan, does the UTM a) pass through the cipher list from the browser or b) does it send its own list (containing export grade ciphers)?
b. I have the certificates installed on the WAF, so it's doing it's own SSL.
In case of b), the SSL connection between server and UTM could be vulnerable even if the browser is updated and has a secure connection to the UTM.
we have two subjects here: I was talking about the Web Filter, i.e. web proxy that scans all client web traffic. You are talking about the WAF (reverse proxy) that protects own websites. I agree that the WAF is secure, but I think there might be issues with the web proxy / web filter.
The proxy does not protect clients from the freak attack. They must update their browsers. I attempted to access a test page (https://freakattack.com/clienttest.html) on my phone and I was vulnerable using the proxy.
I am using a old 9.211-3 though, perhaps fixed in 9.3
