[j-nsp] SA SSL VPN vulnerable to Heartbleed?

Vincent Clement vclement.mail at gmail.com
Wed Apr 9 18:21:13 EDT 2014


Hello,
Can anyone here confirm for me how it works?
I mean, I've looked at some Heartbleed descriptions, and I'm not sure
when the issue can occur:
If I have certificate authentication on the MAG, is it still vulnerable, or
can the attacker not even start the SSL connection and get to the step where
the heartbeat occurs to have access to the issue?
In the SSL/TLS process, I think the SSL session starts with the MAG server
certificate being sent to the client, which then asks for the customer one. Is this sufficient
to "launch" Heartbleed for an attacker?

Thanks,
Vincent


2014-04-09 21:25 GMT+02:00 Morgan McLean <wrx230 at gmail.com>:

> Just refer to their doc, our MAGs are vulnerable. All depends on the
> software.
>
> Thanks,
> Morgan
>
>
> On Wed, Apr 9, 2014 at 12:17 PM, ML <ml at kenweb.org> wrote:
>
> > I scanned both my MAG2600s and they came back as not vulnerable.
> >
> >
> >
> > On 4/8/2014 6:06 PM, Ravi Pina wrote:
> >
> >> I have a case open for a MAG-2600 to say one way or another.  I don't
> >> recall seeing any advisory from Juniper about the CVE.  I'll update if I
> >> learn of anything.
> >>
> >> -r
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
>



-- 
Vincent Clément
+33 6 74 49 66 30

