Potential vulnerability using TLS CBC ciphers #509

Closed
Charles1000Chen opened this issue Apr 30, 2024 · 3 comments · Fixed by #551

@Charles1000Chen
Contributor

Charles1000Chen commented Apr 30, 2024

Describe the bug

Potential vulnerability using TLS CBC ciphers

Expected behavior

The test item "LUCKY13" should be "OK" in the testssl.sh test result.

To Reproduce
Test with testssl.sh; it will report the issue in its test result.

Environment information

  • Output of zhmc_prometheus_exporter --version:
  • HMC version:

Command output

{
    "id"           : "LUCKY13",
    "severity"     : "LOW",
    "cve"          : "CVE-2013-0169",
    "cwe"          : "CWE-310",
    "finding"      : "potentially vulnerable, uses TLS CBC ciphers"
}

Log file
<-- If possible, attach a log file generated with '--log-comp all=debug --log exporter.log'. -->

@andy-maier
Member

See #508, should be solved together.

@andy-maier andy-maier added this to the 1.7.0 milestone May 31, 2024
@andy-maier andy-maier self-assigned this May 31, 2024
@andy-maier
Member

The two ciphers are CBC ciphers that are reported by testssl.sh:

LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches

This was on macOS with:

  • Python 3.12.3
  • OpenSSL 3.3.0
  • testssl.sh 3.0.8
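
Added example, not part of the issue thread, not the project's code and not the change made in PR #551: a local check, using only Python's standard `ssl` module, that lists the CBC suites a server context would offer, which is the condition the LUCKY13 finding above reports. The two cipher strings and the function names are assumptions chosen for illustration.

```python
import ssl

# OpenSSL cipher-list strings chosen for this example (assumptions, not the project's settings).
WITH_CBC = "ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES:!aNULL:!eNULL"
AEAD_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"


def server_context(cipher_string):
    """Build a TLS 1.2+ server context restricted to the given cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def cbc_suites(ctx):
    """Return the names of enabled suites whose bulk cipher uses CBC mode.

    get_ciphers() reports the OpenSSL long name of the symmetric cipher,
    for example 'aes-128-cbc' or 'aes-256-gcm'.
    """
    return sorted(
        c["name"]
        for c in ctx.get_ciphers()
        if (c.get("symmetric") or "").endswith("-cbc")
    )


def audit(cipher_string):
    """Summarise a cipher string: which CBC suites it enables, and whether it is clean."""
    found = cbc_suites(server_context(cipher_string))
    return {"cipher_string": cipher_string, "cbc_suites": found, "ok": not found}


if __name__ == "__main__":
    for s in (WITH_CBC, AEAD_ONLY):
        result = audit(s)
        status = "OK" if result["ok"] else "uses CBC: " + ", ".join(result["cbc_suites"])
        print(f"{s}\n  -> {status}")
```

The result depends on the OpenSSL build that Python is linked against, so run it with the same interpreter that serves the endpoint.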

@andy-maier
Member

Solved with PR #551.
