Security Updates and Reflection for Secure IT
Technical Note 2288
Last Reviewed 22-Oct-2014
Applies To
Reflection for Secure IT UNIX Client version 7.0 or higher
Reflection for Secure IT UNIX Server version 7.0 or higher
Reflection for Secure IT Windows Server version 7.0 or higher
Reflection for Secure IT Windows Client version 7.0 or higher
Reflection for Secure IT Web Edition version 8.0 through 8.1
Summary

This technical note describes security issues related to the Reflection for Secure IT products listed in the Applies To section. If you rely on the security features of these products, you should consult this technical note on a regular basis for any updated information regarding these features.

Other Useful Resources

  • Operating system, host, and network effects on overall security: Technical Note 2200.
  • Report a potential security vulnerability in an Attachmate product to Attachmate: Technical Note 1890.
  • Check on the product support lifecycle status of your Attachmate software: http://support.attachmate.com/programs/lifecycle/.
  • Review security updates for other Attachmate products: http://support.attachmate.com/security/.
  • Information about Attachmate products and FIPS 140-2: Technical Note 2400.
  • Information about Reflection PKI Services Manager: Technical Note 2560.

Java and Reflection for Secure IT

In this product family, Reflection for Secure IT Web Edition uses Java; the other Reflection for Secure IT products do not use Java.

Reflection for Secure IT Web Edition contains both a Java Server and a Java applet.

  • The installer for the server installs a private JRE that is updated when Reflection for Secure IT Web Edition releases; this may occur with a hotfix, service pack, or full release. You can also manually update the JRE.
  • The applet is signed by a CA-issued certificate and served via HTTPS.

For more information about Java and Reflection for Secure IT, see Technical Note 2600.

Security Alerts and Advisories

The following security alerts and advisories may affect your product installation, or the security of your operating system or network environment. We recommend that you review these alerts and advisories.

Note: This information is non-inclusive—it does not attempt to address all security issues that may affect your system.

IMPORTANT REMINDER: The security for all of the Attachmate products using the Attachmate security features depends upon the security of the operating system, host, and network environment. We strongly recommend that you evaluate and implement all relevant security service packs, updates, and patches recommended by your operating system, host, and network manufacturers. For more information, see Technical Note 2200.

Alert
Multiple OpenSSL Vulnerabilities
Summary
Multiple OpenSSL issues have been addressed in the latest OpenSSL version. We recommend that you upgrade to the latest version of Reflection for Secure IT Server for Windows, available from the Attachmate Downloads.
Date Posted and Version Affected
October 2014 – Reflection for Secure IT Server for Windows v8.2 contains the latest OpenSSL Cryptographic Module that includes OpenSSL release 1.0.1i.
Additional Information
For vulnerability details, see
https://www.openssl.org/news/secadv_20140806.txt.

Alert
Multiple Remote Code Execution Vulnerabilities in Reflection FTP Client Through ActiveX Interface (CVE-2014-0603, CVE-2014-0604, CVE-2014-0605, CVE-2014-0606)
Date Posted
August 2014
Summary
By sending specially crafted requests to the Reflection FTP Client OLE Automation (COM/ActiveX) API to upload a file to a system specific folder, it is possible for an attacker to execute arbitrary code on the system.
Product Status
This issue affects Windows Client versions 7.2.3228 or earlier (identified as version 7.2.465 or earlier in Help > About), which includes Reflection FTP Client 14.1.426 or earlier (as identified in the FTP Client application Help > About dialog).
This issue is resolved beginning in Windows Client version 7.2.3233 (identified as version 7.2.468 or higher in Help > About), which includes Reflection FTP Client 14.1.429 or higher. Maintained customers can contact Attachmate Technical Support to obtain the hotfix.
Additional Information
Attachmate would like to thank Andrea Micalizzi (rgod), working with HP's Zero Day Initiative, for the discovery and responsible reporting of these vulnerabilities.
For vulnerability details, see the National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0603
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0604
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0605
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0606

Alert
OpenSSL "CCS Injection" Vulnerability CVE-2014-0224
Date Posted
August 2014
Summary
A vulnerability in OpenSSL could allow an attacker with a man-in-the-middle vantage point on the network to decrypt or modify traffic.
Product Status
This issue affects Reflection FTP Client 14.1.426 or earlier included with Reflection for Secure IT Windows Client 7.2.3228 or earlier (identified as version 7.2.465 or earlier in Help > About), but only when making SSL 3.0, TLS 1.0 or TLS 1.2 connections.
This issue is resolved beginning in Windows Client version 7.2.3233 (identified as version 7.2.468 or higher in Help > About), which includes Reflection FTP Client 14.1.429 or higher. Maintained customers can contact Attachmate Technical Support to obtain the hotfix.
Additional Information
For details and the latest information on mitigations, see the following:
CERT-CC Vulnerability Note VU#978508:
http://www.kb.cert.org/vuls/id/978508
National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224

Alert
OpenSSL "Heartbleed" Vulnerability CVE-2014-0160
Date Posted
April 2014
Summary
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
Product Status
This issue affects a component of Reflection Secure IT Web Edition 8.1. A hotfix to resolve this issue is available upon request by contacting Attachmate Technical Support.

Also, this issue affects the Reflection FTP Client included with Reflection for Secure IT Windows Client 7.2 SP3, but only when making TLS 1.2 connections to a malicious server. This issue is resolved in the Reflection FTP Client beginning in Reflection for Secure IT Windows Client 7.2 SP3 Update 1 (version 7.2.3.222), available from Attachmate Downloads.

Additional Information
For details and the latest information on mitigations, see the following:
US-CERT Technical Alert:
https://www.us-cert.gov/ncas/alerts/TA14-098A
CERT-CC Vulnerability Note VU#720951:
http://www.kb.cert.org/vuls/id/720951
National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Alert
TLS BEAST Vulnerability CVE-2011-3389
Date Posted
April 2014
Summary
The SSL protocol, as used in common browser configurations, encrypts data using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers. BEAST is the tool that exploits this vulnerability.
Product Status
Reflection for Secure IT Web Edition 8.1 is subject to this vulnerability. If you have version 8.1, follow the steps described in Additional Information to configure Web Edition to use only TLS version 1.1 or 1.2, which are not subject to the vulnerability.
Additional Information
To configure Web Edition to use only TLS version 1.1 or 1.2:
1. Edit the Web Transfer service configuration file service-ctx.xml located in C:\Program Files\Attachmate\RSecureWebEdition\WebTransfer\services\servletengine\META-INF\.
2. Locate the bean with id="servletEngineSslContext".
3. Add the following property:
<property name="includeProtocols" value="TLSv1.1,TLSv1.2" />
4. Save the file and restart the Web Transfer service.
5. Repeat steps 2 and 3 for the User Manager service configuration file service-ctx.xml located in C:\Program Files\Attachmate\RSecureWebEdition\UserManager\services\servletengine\META-INF\.
6. Save the file and restart the User Manager service.
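
To check both service-ctx.xml files after the edit, the following added example (not Attachmate code) audits the includeProtocols property of the servletEngineSslContext bean. It also reports a file that is no longer well-formed XML, which is what happens when the property line is pasted with typographic quotes or without a space between attributes. The surrounding beans element, the class attribute and all sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

BEAN_ID = "servletEngineSslContext"   # bean id named in step 2
PROPERTY = "includeProtocols"         # property named in step 3
ALLOWED = {"TLSv1.1", "TLSv1.2"}      # protocols the note says to keep


def _local(tag):
    """Strip an XML namespace, e.g. '{uri}bean' -> 'bean'."""
    return tag.rsplit("}", 1)[-1]


def audit_ssl_context(xml_text):
    """Return a list of findings for one service-ctx.xml; [] means compliant."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # The service cannot load a malformed context file either.
        return [f"not well-formed XML: {exc}"]

    beans = [e for e in root.iter()
             if _local(e.tag) == "bean" and e.get("id") == BEAN_ID]
    if not beans:
        return [f"bean id={BEAN_ID!r} not found"]

    findings = []
    for bean in beans:
        props = [p for p in bean
                 if _local(p.tag) == "property" and p.get("name") == PROPERTY]
        if not props:
            findings.append(f"{PROPERTY} is not set; product default protocols apply")
            continue
        if len(props) > 1:
            findings.append(f"{PROPERTY} is set {len(props)} times; keep one")
        for prop in props:
            listed = {v.strip() for v in (prop.get("value") or "").split(",")
                      if v.strip()}
            if not listed:
                findings.append(f"{PROPERTY} has an empty value")
            for extra in sorted(listed - ALLOWED):
                findings.append(f"{PROPERTY} allows {extra}")
    return findings


# Constructed sample documents; the real file contains more beans.
TEMPLATE = """<beans>
  <bean id="servletEngineSslContext" class="example.Placeholder">
    {prop}
  </bean>
</beans>"""

SAMPLES = {
    "hardened": TEMPLATE.format(
        prop='<property name="includeProtocols" value="TLSv1.1,TLSv1.2" />'),
    "unedited": TEMPLATE.format(prop=""),
    "too_broad": TEMPLATE.format(
        prop='<property name="includeProtocols" value="SSLv3, TLSv1, TLSv1.1, TLSv1.2" />'),
    # Typographic opening quote and no space before 'value'.
    "pasted_typographic": TEMPLATE.format(
        prop='<property name="includeProtocols"value=\u201cTLSv1.1,TLSv1.2" />'),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(f"{name}: {audit_ssl_context(xml_text) or 'OK'}")
```

Run it against the Web Transfer and the User Manager copies of the file by passing each file's contents to audit_ssl_context.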

For each client that connects using the Web Transfer Client, the Java Runtime Environment (JRE) must be configured to use TLS 1.1 or TLS 1.2. To enable TLS 1.1 and higher:
1. Launch the Java Control Panel from Start > Control Panel > Java.
2. Select the Advanced tab.
3. Scroll to the Advanced Security Settings section.
4. Uncheck Use SSL 3.0 and Use TLS 1.0.
5. Select both Use TLS 1.1 and Use TLS 1.2, then click OK.
Note: Once the JRE is configured to use TLS 1.1 or 1.2, the Firefox browser is no longer supported since Firefox does not support the newer TLS protocols.

For more information about this alert, see
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389

Alert
RSA Security Advisory: ESA-2013-068 Crypto-J Default DRBG May Be Compromised
Date Posted
February 2014
Summary
RSA strongly recommends that customers discontinue use of the default Dual EC DRBG (deterministic random bit generator) and move to a different DRBG.
Product Status
Reflection for Secure IT Web Edition 8.0 is subject to this vulnerability. You can upgrade to Reflection for Secure IT Web Edition 8.1 Build 198 (8.1.0.198), which is not subject to this vulnerability. Alternatively, if you have version 8.0, or if you have installed your own JVM or JDK, follow the steps described below in Additional Information to discontinue using the default Dual EC DRBG.
Additional Information
If you have installed and configured your own Java JVM or JDK, the java.security file will be located in the %JAVA_HOME%/jre/lib directory of your install.

To change the default pseudo-random number generator (PRNG) used, you can add the following line to the java.security file:
com.rsa.crypto.default.random=HMACDRBG256
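
To confirm that the line is actually in effect, the following added example (not Attachmate or RSA code) reads java.security content with a simplified properties reader, in which a later duplicate key overrides an earlier one and a commented-out line does nothing. The sample file contents and the PLACEHOLDER_OTHER_DRBG value are constructed.

```python
import re

KEY = "com.rsa.crypto.default.random"   # property name given in the note
EXPECTED = "HMACDRBG256"                # value given in the note


def load_properties(text):
    """Simplified java.security reader: '#'/'!' comments, '=' / ':' / space
    separators, backslash continuations; a later duplicate key wins."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]          # odd trailing backslash: continue
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).rstrip()
    return props


def audit_default_drbg(text):
    """Return (status, detail) for the default DRBG setting."""
    value = load_properties(text).get(KEY)
    if value == EXPECTED:
        return ("ok", value)
    if value is not None:
        return ("wrong-value", value)
    # Not effective: distinguish a commented-out line from a missing one.
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped[:1] in ("#", "!") and stripped.lstrip("#! \t").startswith(KEY):
            return ("commented-out", stripped)
    return ("missing", "")


# Constructed sample file contents.
BASE = "# constructed sample\nsecurity.provider.1=example.PlaceholderProvider\n"
SAMPLES = {
    "set": BASE + KEY + "=HMACDRBG256\n",
    "overridden": BASE + KEY + "=HMACDRBG256\n" + KEY + " = PLACEHOLDER_OTHER_DRBG\n",
    "commented": BASE + "#" + KEY + "=HMACDRBG256\n",
    "missing": BASE,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_default_drbg(text))
```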

For more information about this alert, see
http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf.

Alert
Multiple OpenSSL Vulnerabilities
Date Posted
February 2014
Summary
The ssl3_take_mac function allows remote TLS servers to cause a denial of service via a crafted TLS handshake (CVE-2013-4353).

The ssl_get_algorithm2 function allows remote attackers to cause a denial of service attack via crafted traffic from a TLS 1.2 client (CVE-2013-6449).

Product Status
This issue is resolved beginning in Reflection for Secure IT Web Edition 8.1 Build 198 (8.1.0.198). Upgrade to this build, available from the Attachmate Download Library.
Additional Information
For details, see the National Vulnerability Database site at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449

Alert
Multiple Oracle JRE Vulnerabilities
Summary
Multiple Oracle JRE issues have been addressed in the latest Oracle Java update. We recommend that you update the Java Runtime Environment (JRE) for Reflection for Secure IT Web Edition.
Date Posted and Version Affected
August 2013 – Reflection for Secure IT Web Edition 8.1 installs Version 7 Update 25 of the Java Runtime Environment (JRE).
Additional Information
Oracle lists the security vulnerabilities addressed by Oracle advisories (updates); see the mapping at
http://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html.

Alert
OpenSSL ASN1 BIO Denial of Service Vulnerability CVE-2012-2110
Date Posted
May 2013 - Modified
November 2012 - Modified
June 2012 - Modified
May 2012

Summary
An ASN.1 input function does not properly interpret integer data, which allows remote attackers (on the Reflection for Secure IT servers) or local attackers (on the Reflection for Secure IT clients) to conduct buffer overflow attacks, and cause a denial of service (memory corruption), via crafted DER data, as demonstrated by an X.509 certificate.
Product Status
This issue is resolved beginning in Reflection for Secure IT Windows Server version 7.2+SP1 Update 1 (7.2.752), and Reflection for Secure IT UNIX Client and Server version 7.2+SP1 Update 1 (7.2.1.94). Upgrade to version 8.0, available from the Download Library.

This issue is resolved in Reflection for Secure IT Windows Client 7.2.2197. Upgrade to Reflection for Secure IT Windows Client 7.2 SP3 or higher, available from the Download Library.
Additional Information
For details, see the National Vulnerability Database site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2110.

Alert
Vulnerability Summary for CVE-2013-0422
Date Posted
January 2013
Summary
Oracle Java 7 Update 10 or earlier allows remote attackers to execute arbitrary code as exploited "in the wild" and demonstrated by exploit tools such as Blackhole and Nuclear Pack. Note: Oracle states that Java 6 is not affected.

According to Oracle, to be successfully exploited, an unsuspecting user running an affected release in a browser needs to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. These vulnerabilities are not applicable to Java running on servers or within applications.

Product Status
Reflection for Secure IT products are not subject to this vulnerability; however, the Web Edition Transfer Client requires a Java plug-in. It is this JRE plug-in that can be exploited, not the Transfer Client. To enable use of the Transfer Client and minimize the risk described in this vulnerability, you should refer to the latest information provided by Oracle and install a version of Java that addresses this vulnerability.
Additional Information
For details, see the National Vulnerability Database at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422 and Oracle's site at http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html.

Alert
Vulnerability CVE-2011-5000
Date Posted
November 2012
Summary
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. There may be limited scenarios in which this issue is relevant.
Product Status
This issue is resolved beginning in Reflection for Secure IT 8.0 Server for UNIX. This issue does not affect Reflection for Secure IT Server for Windows or Reflection for Secure IT Clients.
Additional Information
For details, see the National Vulnerability Database site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000.

Alert
OpenSSL Integer Underflow Vulnerability CVE-2012-2333
Date Posted
May 2012
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit initialization vector calculation.
Product Status
This issue does not affect Reflection for Secure IT products.
Additional Information
For details, see the National Vulnerability Database site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333.

Alert
Heap Overflow in Reflection FTP Client
Date Posted
April 2012 - Modified
November 2011

Summary
The Reflection FTP Client is subject to a heap overflow that could result in remote code execution at the authenticated user's privilege level. The vulnerability requires a user to connect to a malicious FTP server and interact with a specially crafted file.
Product Status
The Reflection FTP Client included with Reflection Windows Client 7.2 Service Pack 1 (7.2.1163) or earlier versions is subject to this vulnerability.

This issue is resolved beginning in version 7.2.1186. Upgrade to Reflection 7.2 SP2 or higher.

This issue does not affect Reflection for Secure IT Windows Server, UNIX Server, or UNIX Client.

Additional Information
Attachmate would like to thank Francis Provencher of Protek Research Labs for discovering and reporting the vulnerability.

Alert
Vulnerability Summary for CVE-2010-3190
Date Posted
June 2011
Summary
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
Product Status
Beginning in Reflection for Secure IT Windows Server version 7.2 SP1, this issue is resolved by updated Microsoft Redistributable Library files that address the untrusted search path vulnerability. Note: This issue does not affect Reflection for Secure IT UNIX Client or Server.
Additional Information
For details, see the National Vulnerability Database at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3190.

Alert
Vulnerability CVE-2009-2408
Date Posted
June 2011
Summary
Many applications using X.509v3 certificates for authentication do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Note: This was originally reported for Mozilla Network Security Services products.
Product Status
Beginning in version 7.2 SP1, this issue is resolved in Reflection for Secure IT UNIX Server and Client and Reflection for Secure IT Windows Server. Generating certificate signing requests (PKCS#10) with the ssh-certtool utility now sanitizes input to CN= and AltSubjName strings to prevent Kaminsky PKI layer cake attacks. Note: Beginning in version 7.1, this issue is resolved in Reflection for Secure IT Windows Client.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2408.

Alert
Vulnerability CVE-2008-0172
Date Posted
September 2010
Summary
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
Product Status
Beginning in version 7.2, this issue is resolved in Reflection for Secure IT UNIX Server and Client. Note: This issue does not affect Reflection for Secure IT Windows Server or Client.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0172.

Alert
Vulnerability CVE-2010-1321
Date Posted
May 2010
Summary
Certain invalid GSS-API tokens can cause the MIT Kerberos 5 GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. An authenticated remote attacker can cause a GSS-API application server using the MIT GSS-API library (including the Reflection for Secure IT UNIX Server) to crash by sending a malformed GSS-API token that induces a null pointer dereference.
Product Status
Reflection for Secure IT UNIX Server and Client versions 7.1 or higher can dynamically link with the vulnerable library if GSSAPI authentication is enabled. If you use GSSAPI authentication you need to download (from MIT) and install a non-vulnerable version of the library, or apply the source code patch provided by MIT at http://web.mit.edu/kerberos/advisories/2010-005-patch.txt.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1321.

Alert
Vulnerability CVE-2009-2408
Date Posted
March 2010
Summary
An attacker could get a legitimate Certification Authority to issue a valid certificate containing a '\0' (NULL) character in the Common Name (CN) or SubjectAlternativeName fields. The presence of a NULL character could result in a client accepting a server certificate that appears to be legitimate, but is not.
Product Status
All versions of the PKI Services Manager properly handle a NULL character in a domain name in the CN field identifying the Subject of an X.509 certificate. This means that the service is not vulnerable to man-in-the-middle attackers spoofing arbitrary SSL or SSH servers using a crafted certificate issued by a legitimate Certification Authority (also known as the "Null Truncation in X.509 Common Name Vulnerability").
Additional Information
For details of a similar issue, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2408.

Alert
Vulnerability Summary CVE-2009-2409
Date Posted
March 2010
Summary
Use of MD2 hashes in X.509 certificates might allow remote attackers to spoof intermediate CA certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. Note: The scope of this issue is currently limited because the amount of computation required is large.
Product Status
This issue is resolved in Reflection PKI Services Manager version 1.1 by not accepting MD2 signed intermediate CA certificates by default. A new setting is available if you need to enable use of intermediate certificates signed using this deprecated hash algorithm. From the console, enable "Allow MD2 signed certificates". Or, in the configuration file, set AllowMD2Certificates = yes.
Additional Information
For details of a similar issue, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2409.

Alert
US-CERT Technical Cyber Security Alert TA09-209A
Date Posted
28-July-2009
Summary
Vulnerabilities present in the Microsoft Active Template Library (ATL) can cause vulnerabilities in the resulting ActiveX controls and COM components, as described in Microsoft Security Bulletin MS09-035 and Microsoft Security Advisory 973882. Any ActiveX control or COM component that was created with a vulnerable version of the ATL may be vulnerable.
Product Status
While Reflection for Secure IT Windows Server and Reflection for Secure IT Windows Client do not contain ActiveX controls or COM components, these products do contain the vulnerable ATL. However, beginning in version 7.1 Service Pack 2, these products now contain the non-vulnerable ATL.
Additional Information
For details, see the US-CERT web site at http://www.us-cert.gov/cas/techalerts/TA09-209A.html.

Alert
Vulnerability Advisory CPNI-957037
Date Posted
October 2008
Summary
A design flaw in the SSH protocol use of block ciphers in cipher block chaining mode could allow an attacker to recover up to four bytes of plaintext. Although the severity of the attack is considered high, the likelihood of a successful attack is considered low and results in terminating the user’s SSH connection.
Product Status
For more information about how this vulnerability affects Attachmate products, see Technical Note 2398.
Additional Information
For details, see the US-CERT web site at http://www.kb.cert.org/vuls/id/958563.

Alert
Vulnerability Summary CVE-2008-1657
Date Posted
July 2008
Summary
OpenSSH 4.4 and other versions before 4.9 allow remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Product Status
The "ForceCommand" keyword is no longer supported as of Reflection for Secure IT UNIX Server version 7.0 SP1.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1657.

Alert
Vulnerability Summary CVE-2008-1483
Date Posted
July 2008
Summary
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Product Status
This issue is resolved in Reflection for Secure IT UNIX Client version 7.0 SP1.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1483.

Alert
Vulnerability Summary CVE-2007-3108
Date Posted
July 2008
Summary
OpenSSL cryptography vulnerability that could allow an RSA key to be stolen.
Product Status
This issue is resolved in Reflection for Secure IT UNIX Client and Server version 7.0 SP1.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108.

Alert
Vulnerability Summary CVE-2006-2937
Date Posted
July 2008
Summary
Denial of Service attack using malformed ASN.1 packets.
Product Status
This issue is resolved in Reflection for Secure IT UNIX Client and Server version 7.0 SP1.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2937.

Alert
Vulnerability Summary CVE-2006-2940
Date Posted
July 2008
Summary
Denial of Service attack using parasitic public keys.
Product Status
This issue is resolved in Reflection for Secure IT UNIX Client and Server version 7.0 SP1.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2940.

Alert
Vulnerability Summary CVE-2007-4752
Date Posted
September 2007
Summary
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Product Status
Attachmate SSH clients (including Reflection for Secure IT and Reflection X) do not have this OpenSSH vulnerability. Note: Reflection for Secure IT UNIX Clients versions 6.x and 7.0 support trusted X11 forwarding, but do not have the vulnerability.
Additional Information
For details, see the National Vulnerability Database web site at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4752.

Notice: This technical note is updated from time to time and is provided for informational purposes only. Attachmate makes no representation or warranty that the functions contained in our software products will meet your requirements or that the operation of our software products will be interruption or error free. Attachmate EXPRESSLY DISCLAIMS ALL WARRANTIES REGARDING OUR SOFTWARE INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Related Technical Notes
1890 Reporting a Potential Security Vulnerability to Attachmate
2200 Security and Your Operating Environment
2398 Attachmate Security Update for CSIRTUK Vulnerability #CPNI-957: Plaintext Recovery Attack Against SSH
2400 Attachmate Products with FIPS 140-2 Validated Crypto Modules
2560 Security Updates and Reflection PKI Services Manager
2600 Java and Attachmate Products
2724 Attachmate Security Update for OpenSSL 'Heartbleed' Vulnerability CVE-2014-0160
