On-prem HiveManager and HMOL vulnerable to SSLv3 "POODLE" attack - method to disable?

  • Question
  • Updated 3 years ago
  • Answered
On-prem HiveManager is vulnerable to POODLE SSLv3 attacks, per our internal testing.

I'm wondering if there's a way to disable SSLv3 for the admin interface? I don't see anything in the documentation for adjusting this.

For what it's worth, Qualys also shows the HMOL login domain as vulnerable.
Steven Bateman

Posted 3 years ago

Mike Kouri, Official Rep

Acknowledged, and we intend to publish a PSIRT on our public web pages as soon as I get all the right people to sign off on it. Please note that POODLE is an attack against client credentials, not the server itself. If you can disable SSLv3 within the client browser, then a MiTM cannot forcibly downgrade the client-server connection to this vulnerable protocol. For guidance on adjusting your browsers, I have found this link to be good: https://zmap.io/sslv3/browsers.html
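
To confirm whether an appliance you administer still negotiates SSLv3 with CBC cipher suites (the condition POODLE depends on), before and after any change, a check along these lines can be used. This is an added example, not part of the thread and not vendor code; the function names and the sample reply bytes are constructed for illustration.

```python
import os
import socket
import struct

SSLV3 = b"\x03\x00"
# Offer CBC suites only: POODLE targets SSLv3 CBC padding, not RC4.
CBC_SUITES = (0x002F, 0x0035, 0x000A)  # AES128-SHA, AES256-SHA, 3DES-SHA

def build_client_hello(random_bytes=None):
    """Return a raw SSLv3 ClientHello record (SSLv3 has no extensions)."""
    rnd = random_bytes or os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (SSLV3 + rnd + b"\x00"                      # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites  # cipher suite list
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Classify the first bytes the server sent back."""
    if len(data) >= 1 and data[0] == 0x15:             # alert record
        return "rejected"
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        return "sslv3-accepted" if data[9:11] == SSLV3 else "inconclusive"
    return "inconclusive"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify the reply."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            while len(data) < 11:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except (ConnectionResetError, socket.timeout):
        pass  # many servers refuse SSLv3 by dropping the connection
    return classify_response(data) if data else "closed-without-reply"

# Constructed sample replies (not captured from any real server).
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a020000260300")
SAMPLE_ALERT = bytes.fromhex("15030000020228")

if __name__ == "__main__":
    print(classify_response(SAMPLE_SERVER_HELLO))
    print(classify_response(SAMPLE_ALERT))
```

A result of `sslv3-accepted` means the server completed the SSLv3 hello with a CBC suite; `rejected` or `closed-without-reply` is what a server with SSLv3 disabled typically returns.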