  1. OpenShift Bugs
  2. OCPBUGS-51305

Vulnerability Identified: SSL Medium Strength Cipher Suites Supported (SWEET32) for tcp/10258


    • Quality / Stability / Reliability
    • CLOUD Sprint 268, CLOUD Sprint 269, CLOUD Sprint 270, CLOUD Sprint 271, CLOUD Sprint 272, CLOUD Sprint 273, CLOUD Sprint 274, CLOUD Sprint 275, CLOUD Sprint 276, CLOUD Sprint 277, CLOUD Sprint 278
    • 11
    • In Progress
    • CVE - Common Vulnerabilities and Exposures
    • Disables the unused webhook http servers for Cloud Controller Managers.

      Description of problem:

      Vulnerability Identified: SSL Medium Strength Cipher Suites Supported (SWEET32)
      Port: 10258
      Protocol: TCP
      Cipher Suite(s): ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA (3DES with 168-bit keys)
      CVE: CVE-2016-2183
      
      The AWS CCM is expected to be listening on port 10258 on an AWS cluster. 
      
      On the customer's cluster it is listening, but for me on the lab cluster it was not running.
      
      ~~~
      netstat -tupan | grep '10258'
      tcp6       0      0 :::10258                :::*                    LISTEN      1311638/aws-cloud-c
      ~~~

       

      Version-Release number of selected component (if applicable):

          

      How reproducible:

          

      Steps to Reproduce:

          1.
          2.
          3.
          

      Actual results:

          

      Expected results:

          

      Additional info:

          

              rh-ee-cschlott Christian Schlotter
              rhn-support-dsrivast Divyanshi Srivastava
              Zhaohua Sun Zhaohua Sun
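A probe for confirming the finding above on a node and for re-checking it once the listener is disabled, added here as an example (it is not part of the ticket or of the project's code). The function name `probe_3des` and its status strings are illustrative; the cipher names and the port are the ones reported in the description.

```python
import socket
import ssl
import sys

# OpenSSL names of the two suites in the finding; both use 3DES, the
# 64-bit block cipher behind SWEET32 (CVE-2016-2183).
SWEET32_SUITES = "ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA"


def probe_3des(host, port=10258, timeout=5.0):
    """Offer only the 3DES suites and return (status, detail).

    "accepted"     - the server negotiated a 3DES suite (finding confirmed)
    "rejected"     - the port answered but no 3DES handshake completed
    "unreachable"  - nothing accepted the TCP connection
    "inconclusive" - the local OpenSSL build cannot offer 3DES at all
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the cipher list is under test, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # 3DES suites exist only up to TLS 1.2. Without this cap a TLS 1.3
    # server would complete the handshake with an unrelated AEAD suite.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(SWEET32_SUITES)
    except ssl.SSLError as exc:
        # Many current OpenSSL builds ship without 3DES. A failed probe
        # from such a client says nothing about the server.
        return "inconclusive", f"local OpenSSL cannot offer 3DES: {exc}"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", f"{host}:{port}: {exc}"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, version, _bits = tls.cipher()
                return "accepted", f"{name} over {version}"
        except OSError as exc:  # ssl.SSLError, reset or handshake timeout
            return "rejected", f"no 3DES handshake: {exc}"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(*probe_3des(target))
```

Treat an `inconclusive` result as a reason to rerun the probe from a client whose TLS library still offers 3DES, not as evidence that the port is clean.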