Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > DameWare Remote Support & Mini Remote Control > POODLE attack on SSL 3.0 protection in DameWare

POODLE attack on SSL 3.0 protection in DameWare

Table of contents
Created by Marlo Bidayan, last modified by MindTouch on Jun 23, 2016

Views: 60 Votes: 0 Revisions: 3

Overview

This article describes a workaround to protect your system from the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. 

POODLE is a protocol downgrade that allows abuses on outdated form of encryptions. SSL 3.0 is a fallback protocol for most servers when more secure protocols like TLS fail to recognize the handshake. An attacker can force downgrade your browser to SSL 3.0 and gain entry to personal data. Since the problem is the protocol, anything that uses SSL 3.0 is affected. An attacker can obtain private information despite using protocol HTTP/S is used.

Any product using OpenSSL cryptographic functions are not vulnerable, but a vulnerability scan will report them if they contain vulnerable OpenSSL versions.
Protocol downgrade is visible on the server side. Servers can usually log TLS protocol versions. This information can be compared with user agents or other information from the profile of a logged in user. Mismatches can indicate attack attempts.

Communication between the following DameWare components is affected:

  • Central Server vs Internet Proxy
  • Central Server vs Mobile Gateway
  • DRS vs Central Server
  • MRC vs Central Server
  • MRC vs Internet Proxy Server

Environment

  • All DameWare Remote Support versions
  • All DameWare Mini Remote Control versions

Steps

  1. Disable SSL 3.0 in the component code where it can be used by manually specifying the ServicePointManager.SecurityProtocol property.
    Note: ServicePointManager settings are per-appdomain. This property selects a Secure Socket Layer (SSL) protocol for new connections that use secure Hypertext Transfer Protocol (HTTP/S) scheme only.
  2. Disable SSL 3.0 in Windows registry. Refer to How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.
  3. Disable SSL 3.0 usage in Windows Communication Foundation (WCF).
  4. Patch Windows registry during installation.
    Note: An updated Windows registry by DWServer installation is required. The Windows registry key should contain the following patch:
    "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f
    "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f

Note: Re-enabling SSL 3.0 usage cannot be prohibited. This may have negative implications on other installed programs.

  • REG ADD
  • REG ADD

 

Last modified
19:05, 22 Jun 2016

Tags

Classifications

Public