vWorkspace and vulnerability SSL POODLE

Similar Questions

• Vulnerability of POODLE?

  As you may know, a wide Internet security problem, commonly referred to as POODLE, has been identified in the last two weeks and affects all those who use the older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6. This issue creates a vulnerability that could allow hackers to access any connection using this outdated Web browser.

  At BC resolved this or is it already supported. Recently, Google announced that they have a problem with the POODLE.

  Hello

  Please check this thread stop Authorize.net SSLv3, vulnerability of poodle - BC is not affected

• vWorkspace and Foglight integration not working

  Hello

  When I click on the diagnosis and the monitoring tab for any element (datacenter, virtual computer users) in vWorkspace I get the following error.

  See not found: system:vdidiagnostics_vmware_consoleintegration.viewCIVMWQuickView

  The Diagnostics tab and real monitoring itself works fine and opens my Foglight homepage without problem (I have installed on a separate virtual computer foglight)

  vWorkspace version is 8.0.306 and Foglight Foglight virtualization 7.1 trail verison.

  Any help would be appreciated.

  Thank you

  Andrew

  Hi André,.

  Foglight for. Virtual desktop (v5.6), which is now supplied with and integrated with vWorkspace and Foglight for v7.x virtualization (VMware) are similar but different products.

  If functionality (and URLs) supported in a single product do not work in the other. vWorkspace is hardcoded to work with Foglight for virtual desktops.

  If you have ITS current for vWorkspace, you are entitled to a copy free from Foglight for the virtual desktop, which takes in charge the two Hyper-V and VMware hypervisor infrastructure + followed by the components of farm vWorkspace.

  Kind regards

  Rick

• Cisco ASA 5505 and comodo SSL certificate

  Hey all,.

  I'm having a problem with setting up the piece of Certificate SSL of Cisco AnyConnect VPN. I bought the certificate and installed it via the ASDM under Configuration > VPN remote access > Certificate Management > identity certificates. I also placed the piece of 2 CA under the CA certificates. I have http redirect to https and under my browser, it is green.

  Once the AnyConnect client installs and automatically connect I get no error or anything. The minute I disconnect and try to reconnect again, I get the "VPN Server untrusted certificates! ' which is not true because the connection information to be https://vpn.mydomain.com and the SSL certificate is configured as vpn.mydomain.com.

  On that note, it lists the IP address instead of the vpn.mydomain.com as the unreliable piece of this. Now of course I don't have the IP as part of the SSL-cert, just the web address. On the side of the web, I have a record A Setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.

  What I'm missing here? I can post config if anyone needs.

  (My Version of the Software ASA is 9.0 (2) and ASDM Version 7.1 (2))

  Yes that's correct. technically, it will take you to EKU as keys to authenticate server who was a little forced in version 3.1. But eventually, he was taken away. If you get no error using the browser and ot only comes with the anyconnect client. Most likely, you do not have to configured values. I can confirm that if you can share the fqdn with me also, you can try the upgrade and check it out.

  Thank you

  Bad Boy

• How to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

  We want to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. We used the followign command:

  SET JAVA_OPTION = - Dweblogic.security.SSL.protocolVersion = SSL3 - Dweblogic.security.disableNullCipher = true

  but still SSL 2.0 is used. Help, please

  Deepak looking good so far.

  Let us know for any other help. We encourage you to create a service request with Oracle.

  See you soon,.

• Why Quicktime suddenly gives me errors of version and vulnerability for v QT 7.6.6 after updating to firefox 22?

  After the forced 22 Firefox update, Quicktime fails with an error ' version 7.6.6 vulnerability. " I am running OSX Snow Leopard 10.6.8. The plugin Firefox (Tools/Add-ons custom) also shows the vulnerability. More suggested solutions AND the Firefox troubleshooting, see the:

     File: QuickTime Plugin.plugin
     Path: /Library/Internet Plug-Ins/QuickTime Plugin.plugin
     Version: 7.6.6
     State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
  

  BUT, when I use Finder, I can't find the file or folder. The only plugin in this folder is Google Earth.

  My system shows everything is running, OS, applications, and al., with the current Quicktime version 10, so there is no possibility of UPDATE_AVAILABLE, because there is NO more updated Quicktime than what I use.

  If he is a real vulnerability for Quicktime version, why all of a sudden Firefox takes two years so he could finally appear in Firefox 22? And mys system is completely updated, it seems no possible to upgrade to a newer version of Quicktime that 7.6.6, one who apparently comes with os x 10.6.8. If it IS a mistake, I don't know how to fix it.

  Meanwhile, Quicktime is still running in Safari.

  Hello, quicktime 7.7.0 and down on mac os x was put on the red list of mozilla recently (this is not directly related to the release of firefox 22 & will be also implemented in earlier versions of the browser).

  https://addons.Mozilla.org/en-us/Firefox/blocked/P408

  in the appropriate bug report, I asked to reconsider this decision, perhaps the situation for mac os x 10.6 not took into consideration - quicktime 7.6.6 is the latest version available for download on the website of apple for this system...

• Message from Safari that Silverlight is obsolete and vulnerable

  When I checked the Plugins in Safari on my mac, there is a point of explanation by Silverlight and a message indicating the version of silverlight on my computer is vulnerable and needs to be updated.  I looked online and there are two new versions of Silverlight for mac.  Silverlight is not updated for a reason, and I can't remove it from the computer.  I put the application to the trash and deleted, but when I restart my computer, it recharges.  I can not find an uninstall for Silverlight program anywhere.  The version I have is 5.1.41212.0 and the last time it updated in December.  How can I completely remove it from my computer and reinstall a newer version?

  FWIW, Silverlight 5.1.41212.0 is the current version. Not sure why you get this message. You don't have to uninstall Silverlight to reinstall.

• vWorkspace and Foglight for Virtual Office training

  Anyone know if it is available for vWorkspace training instructor 8 and Foglight for virtual desktops?  I contacted Dell training but never received a response.

  This question is not met at the time of the request

  If you are still interested, let me know and I can run after correct people.

• vWorkspace and VMWare 5.1 update compatibility 2

  Hi guys,.

  Can someone give me please an update on what vWorkspace will officially support VMWare 5.1 update 2?

  In addition, if we were to just go ahead and upgrading VMWare to 5.1 update 2 (we are currently on the plain 5.1), what problems meet us?  We are on vWorkspace 8.0 MR1.

  Updates VMWare 5.5 compatibility?  It is less important

  Thank you!

  Nick.

  Hi Nick,

  May be late but it is supported in 8.0.1. (vmware 5.1 u2), 5.5 will be supported in the next version (8.5 or 9.x), it's what tells me so good luck

• vWorkspace and SAP

  Hello

  I would like to know if someone has implemented vWorkspace to publish the SAP Client. If so, please share your experience?

  Best regards and many thanks.

  Michael.

  I have that I also managed to publish SAP client 7.x succsessfully. But for the client works correctly in transparent window mode, I have to use MS compatible mode to transparent window, vworkspace no native mode.

  Which has been implemented on version 7.6 of vWorkspace. I have not tried yet on v8, but when I was talking to DELL support this case they test SAP on the version beta customer of v8 and it works very well with the native window seamliess

  Robert

• Cypher v2 and weak SSL

  I have a rsv4000 updated to firmware v2.0.3.4 when remote access is enabled and an analysis of PCI compliance is made accepts monograms low years sslv2, which are considered at high risk for safety. Any thoughts on how to solve this problem and still allow remote access.

  Currently, you agree the following less than 128-bit encryption and Protocol SSLv2. Please disable acceptance of ciphers below 128 bits and disable acceptance of the SSLv2 protocol.

  Cipher (s) of server support:

  Accepted SSLv2 168 bit DES-CBC3-MD5

  Accepted SSLv2 128 bit IDEA-CBC-MD5

  Accepted SSLv2 128 bits RC2-CBC-MD5

  Accepted SSLv2 128 bit RC4 - MD5

  Accepted SSLv2 56 bit DES-CBC-MD5

  Accepted SSLv2 40 bits EXP-RC2-CBC-MD5

  Accepted SSLv2 40 bits EXP-RC4-MD5

  Accepted SSLv3 56 bit DES-CBC-SHA

  Accepted TLSv1 56 bit DES-CBC-SHA

  Cipher (s) of preferred server:

  SSLv2 168 bit DES-CBC3-MD5

  256-bit AES 256 - SHA SSLv3

  TLSv1 256 bit AES 256 - SHA

  SSL certificate:

  Version: 3

  Serial number :-0

  Signature algorithm: sha1WithRSAEncryption

  Issuer: / CN = Linksys_RVS4000/OR = RVS4000/O = Cisco Systems, Inc./C = US

  Not valid before: 22 Nov 17:03:18 GMT 2011

  Not valid after: 19 Nov 17:03:18 GMT 2021

  Subject: / CN = Linksys_RVS4000/OR = RVS4000/O = Cisco Systems, Inc./C = US

  Public key algorithm: rsaEncryption

  Thank you

  Dave

  Same problem with RV320.

• Cisco ACS 5.1 and ASA SSL VPN change or notify the expired password

  Hello

  Now, my ACS and ASA related to RADIUS (MSCHAPv2). I've set up password life on GBA and password management on SAA. But Cisco ASA did prompt change or whatever it is to notify when the user tries to log on with Clientless SSL VPN. Could you advice me everything to change, or notify the expired password?

  

  PS.

  I check change password on the first login of th on ACS this confirmation of the ASA to change password dialog box. But I want change or warn when the expired password

  Thank you

  The default password is marked as disabled after expiry

  I think that there is an improvement for this in the 5.2.0.26.2 patch and above, which includes the following:

  CSCtk32168: Add an option to change the password when the password expires (T + and Radius)

  After you install this hotfix, you get an option to the user authentication settings is:

  -Disable the user account

  -Expire the password

  When the expiration period is exceeded

  If password is expired then user will be asked to change password next authentication

  Note this latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative

• ACL and anyconnect ssl vpn

  Hello world

  I was testing the few things at my lab at home.

  PC - running ssl vpn - sw - router - ISP - ASA (anyconnect ssl)

  AnyConnect ssl works very well and I am also able to access the internet.

  I use full tunnel

  I have ACLs on the external interface of the ASA

  1

  True

  any

  any

  intellectual property

  Deny

  0

  By default

  []

  I know that the ACL is used to traffic passing by ASA.

  I need to understand the flow of traffic for internet via ssl vpn access. ?

  Concerning

  MAhesh

  As you correctly say, the ACL interface is not important for that because the VPN traffic is not inspected by the ACL. Of the at least not by default.

  You can control the traffic with a different ACL that is applied to the group policy with the command "vpn-filter". And of course you need a NAT rule that translates your traffic when running to the internet. This rule should work on the pair of interface (outside, outside).

• PHP Curl and check ssl

  Hi all

  I'm trying to build a php class to be able to use workflows in Orchestrator.

  I can use a lot of applications, using this code:

  $curl = function curl_init();

  $url = $this-> url. "Catalog/System/Workflow /';

  $curlOptions = array)

  CURLOPT_URL = > $url,

  CURLOPT_CUSTOMREQUEST = > 'GET ',.

  Curlopt_buffersize = > CURLAUTH_BASIC,.

  CURLOPT_SSLVERSION = > 3,

  CURLOPT_SSL_VERIFYPEER = > 0,

  CURLOPT_SSL_VERIFYHOST = > 0,

  CURLOPT_USERPWD = > ' $this-> username: $this-> password. "

  CURLOPT_RETURNTRANSFER = > true,

  CURLOPT_HEADER = > true

  );

  curl_setopt_array ($curl, $curlOptions + $this-> curlOptDefaults);

  $content = curl_exec ($curl);

  If (curl_errno ($curl)! = 0)

  {

  echo ' CURL error: ".". " curl_error ($curl);

  Die (»);

  }

  $tabWorkFlows = json_decode ($content, true);

  But when I add this header

  CURLOPT_HTTPHEADER = > ' Content-Type: application/xml '

  I still have the question:

  SSL certificate problem, verify that the CA cert is OK. Details: error routines: 14090086:SSL: SSL3_GET_SERVER_CERTIFICATE:certificate check failed

  even if I leave ssl_verifypeer and verifyhost of ssl to 0. Have someone to experience this problem?

  Feel free to ask more if necessary.

  Hello

  may be a problem that CURLOPT_HTTPHEADER expects an array.

  Tim

• Security reviews, pilots invited and vulnerability mitigation

  Hello people,

  I'm looking at an interesting dilemma about the security team on our build VMGuest. 4.1 operating u2 a mixture of 2003r2sp2 and 2008r2sp1 quests were running v7 hardware and tools generation v 8.3.12 493255. A recent analysis identified vulnerabilities native driver e1000 used with tools like a medium level threat http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6385 .

  I've always learned in best practices to use the version of the tools of the pilots and not to ever use hardware drivers due to problems of "compatibility".

  
  Now my question is.... is - it now practice common to patch virtual hosts with driver updates from the manufacturer of the card emulated in place of just using the native driver sets and vmware tools?

  
  I've seen the occasional post that says no don't... but seemingly dated information.

  
  If it is not the case then that means factoring in a pilot of more recent material to the model generation or possibly opt for help vmxnet3 drivers for windows based clients.

  I can do one of 3 things here:

  (a) other challenge security on the VMWare compatibility basis then find documentation to support
  (b) replace the drivers with updated material basis of pilots made Intel
  (c) avoid the question entirely? and potentially use s vmxnet3

  I'm just getting up VUM who will however host-based updates the patched for windows guest will be managed by a third-party tool

  Any thoughts on this matter would be appreciated

  Thank you very much

  Hello

  Since the e1000 driver is Microsoft (or as much as Microsoft gets this driver), you should patch this driver with a Microsoft. If there is a vulnerability you should go first to the guest operating system vendor. If they direct you to a provider of material then you should watch other requirements at the hardware level before continuing.

  Given that VMware Tools does not replace the existing drivers, it is up to you to patch the operating system invited as your do normally.

  Perspective of VMware, is that you SHOULD use VMXNET drivers as it improves over all performance.

  But for the most part this vulnerability in the operating system and should be corrected accordingly.

  Best regards
  Edward L. Haletky
  VMware communities user moderator, VMware vExpert 2009, 2010, 2011, 2012

  Author of the books ' VMWare ESX and ESXi in the business: Planning Server Virtualization Deployment, Copyright 2011 Pearson Education. ' Of VMware VSphere and Virtual Infrastructure Security: securing the virtual environment ', Copyright 2009 Pearson Education.
  vSphere Upgrade Saga - virtualization security Table round Podcast