FREAK (short for "Factoring RSA Export Keys"), also sometimes labelled "SMACK" after the state-machine-attack research that disclosed it, is an attack against a flaw in some TLS implementations (tracked as CVE-2015-0204 in OpenSSL). A man-in-the-middle rewrites the client's ClientHello so that it offers only RSA export cipher suites; the server answers with a 512-bit "export-grade" RSA key, and a vulnerable client accepts that key even though it never asked for an export suite. Because a 512-bit RSA modulus can be factored in a matter of hours on rented compute, the attacker can then decrypt and tamper with what both sides believed was a secure session.
CCS
Symantec CCS does not itself use vulnerable code for its secure connections, so no patch or configuration change to CCS is necessary. However, customers who have enabled HTTPS on IIS for the CCS Web portals (R&A and AM) should follow the standard recommendation for all Windows servers: either disable the RSA export cipher suites in Schannel or apply the patch for the similar Windows vulnerability (CVE-2015-1637), which the FREAK technique can also exploit. Left unaddressed, that vulnerability allows man-in-the-middle attacks on encrypted communications between browsers and the CCS Web portals (and whatever else the Web server is hosting). Disabling the export suites on the server is worth doing even if the patch is applied, because the downgrade only succeeds when both client and server support the export suite fallback, so removing them server-side also protects browsers that remain unpatched. More information is available from Microsoft at https://technet.microsoft.com/library/security/MS15-031.
Web portals on a secure network that are not configured for HTTPS are unaffected by this change, since their communications are not encrypted to begin with (and are therefore already readable by anyone on the path).
ESM
Symantec ESM does not use vulnerable code for its secure connections. No patch or configuration change is necessary.
SRAS
Symantec SRAS agents do use vulnerable code when communicating with their IIS Web server. Because SRAS has reached end of life (EOL), there are no plans to release an update at this time. The vulnerability can instead be mitigated on the server side by the same IIS recommendations given in the CCS section: a FREAK downgrade succeeds only when both the client and the server support the RSA export cipher suite fallback, so removing the export suites from the IIS server protects even the unpatched agents.
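To verify that an IIS server (or any other TLS endpoint) no longer accepts the RSA export suites that the CCS and SRAS sections above say should be disabled, the following Python script sends a TLS 1.0 ClientHello offering only those suites and classifies the first record the server sends back. This is an added example, not part of the original article or any Symantec tool; the hostname in the usage line is an assumption, and the sample records used for offline checks are constructed here rather than captured from a real server. A server with the export suites removed has no suite in common with the client and replies with a handshake_failure alert (code 40); a server that completes a ServerHello with one of the export suites is still exposed to the FREAK downgrade.

```python
import os
import socket
import struct
import sys

# RSA export cipher suite IDs (RFC 2246 appendix A.5). These are the suites a
# FREAK downgrade steers the handshake to: the server answers with a 512-bit key.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
TLS_1_0 = b"\x03\x01"
HANDSHAKE_FAILURE = 40


def build_client_hello(hostname: str) -> bytes:
    """TLS 1.0 ClientHello record offering only the RSA export suites, plus SNI."""
    suites = b"".join(struct.pack("!H", s) for s in RSA_EXPORT_SUITES)
    name = hostname.encode("idna")
    # server_name extension (RFC 6066): a ServerNameList holding one host_name entry.
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = struct.pack("!HHH", 0x0000, len(sni_list) + 2, len(sni_list)) + sni_list
    body = (
        TLS_1_0
        + os.urandom(32)                                  # client random
        + b"\x00"                                         # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                     # compression methods: null only
        + struct.pack("!H", len(sni_ext)) + sni_ext
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + TLS_1_0 + struct.pack("!H", len(handshake)) + handshake


def build_server_hello(suite: int) -> bytes:
    """Minimal ServerHello record selecting `suite` (used to construct offline samples)."""
    body = TLS_1_0 + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + TLS_1_0 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> dict:
    """Classify the first TLS record a server returned for the export-only ClientHello.

    "accepted":   ServerHello selected an export suite (server is FREAK-exposed).
    "rejected":   server sent an alert (expected: 40 handshake_failure).
    "unexpected": anything else, with a short detail string.
    """
    if len(data) < 5:
        return {"status": "unexpected", "detail": "short record"}
    ctype, rec_len = data[0], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + rec_len]
    if ctype == ALERT and len(payload) >= 2:
        return {"status": "rejected", "alert": payload[1]}
    if ctype != HANDSHAKE or not payload or payload[0] != SERVER_HELLO:
        return {"status": "unexpected", "detail": "record type %#x" % ctype}
    # ServerHello layout: type(1) length(3) version(2) random(32) sid_len(1) sid cipher_suite(2)
    off = 1 + 3 + 2 + 32
    if len(payload) < off + 1:
        return {"status": "unexpected", "detail": "truncated ServerHello"}
    off += 1 + payload[off]
    if len(payload) < off + 2:
        return {"status": "unexpected", "detail": "truncated ServerHello"}
    suite = struct.unpack("!H", payload[off:off + 2])[0]
    if suite in RSA_EXPORT_SUITES:
        return {"status": "accepted", "suite": RSA_EXPORT_SUITES[suite]}
    # A server must not select a suite the client did not offer; flag it rather than trust it.
    return {"status": "unexpected", "detail": "unoffered suite %#06x" % suite}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect, send the export-only ClientHello and classify the first record back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        data = b""
        # Read until one complete record (5-byte header plus declared length) has arrived.
        while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_response(data)


# Constructed sample records for offline checks (not captured from any real server).
SAMPLE_SERVER_HELLO_EXPORT = build_server_hello(0x0003)
SAMPLE_ALERT_HANDSHAKE_FAILURE = bytes([ALERT]) + TLS_1_0 + b"\x00\x02\x02" + bytes([HANDSHAKE_FAILURE])


if __name__ == "__main__":
    # Usage: python freak_probe.py portal.example.com [port]   (hostname is an assumption)
    target = sys.argv[1]
    print(probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it against each IIS host that fronts the CCS portals or the SRAS agents, before and after changing the Schannel cipher suite order. A result of {"status": "rejected", "alert": 40} means the export suites are gone; "accepted" means the server will still hand a 512-bit key to a downgraded client. The script deliberately speaks raw TLS rather than using the ssl module because modern OpenSSL builds no longer include export ciphers, so ssl.SSLContext.set_ciphers("EXPORT") cannot even construct the probe.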
Imported Document ID: TECH228904