Symantec Scan Engine exhibits a vulnerability in the way it generates the SSL private key used for protecting communications over TCP port 8005. This port is used to exchange sensitive configuration and control commands between the server and the administrative control application.
While all data over this port is protected using SSL, Rapid7 has found that every installation of Symantec Scan Engine uses the same private DSA key. This immutable key cannot be changed by end users and can be extracted easily from any installation of this product.
This design flaw renders the SSL protection useless. A man-in-the-middle attacker could easily intercept and decrypt all communications between Symantec Scan Engine and an administrative client.
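A defender can confirm key reuse across an estate by comparing public-key fingerprints of the certificates each host presents. The following is an added example, not code from the advisory or the product: it assumes each installation presents an X.509 certificate on TCP port 8005 and that those certificates have already been collected as DER bytes. The hostnames, key bytes and the helpers `der_enc` and `sample_cert` are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(der_cert):
    """SHA-256 over the SubjectPublicKeyInfo of a DER X.509 certificate."""
    _, pos, _ = read_tlv(der_cert, 0)       # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(der_cert, pos)     # tbsCertificate SEQUENCE
    tag, _, after = read_tlv(der_cert, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = after
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(der_cert, pos)
    _, _, end = read_tlv(der_cert, pos)     # SubjectPublicKeyInfo
    return hashlib.sha256(der_cert[pos:end]).hexdigest()

def shared_keys(certs_by_host):
    """Map SPKI fingerprint -> hosts, keeping only keys seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, der in certs_by_host.items():
        groups[spki_sha256(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

def der_enc(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(serial, key_bytes):
    """Constructed certificate skeleton (field order only, not a valid cert)."""
    spki = der_enc(0x30, der_enc(0x30, b"") + der_enc(0x03, b"\x00" + key_bytes))
    tbs = (der_enc(0xA0, der_enc(0x02, b"\x02")) + der_enc(0x02, bytes([serial]))
           + der_enc(0x30, b"") * 4 + spki)
    return der_enc(0x30, der_enc(0x30, tbs) + der_enc(0x30, b"") + der_enc(0x03, b"\x00"))

SAMPLE = {  # constructed hosts: two share a key, one does not
    "scan-a.example": sample_cert(1, b"\x11" * 200),
    "scan-b.example": sample_cert(2, b"\x11" * 200),
    "scan-c.example": sample_cert(3, b"\x22" * 200),
}
```

Calling `shared_keys(SAMPLE)` returns one fingerprint mapped to the two hosts that share a key, even though their certificates differ in serial number. Any fingerprint that appears on more than one independently installed host indicates a key that was shipped with the product rather than generated locally.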