Insecure TLS Cipher Suite Selection in comforte SWAP and comforte Secur Products

Insecure TLS Cipher Suite Selection in comforte SWAP and comforte Secur Products

CVE-2018-6653 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.

Learn more about our Network Penetration Testing.