PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Issue:
PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Product Line:
PowerChute Network Shutdown (PCNS) version 4.2

Environment:
All supported OS

Cause:
PCNS 4.2 supports the following ciphers (you can see this by running an SSLScan on port 6547):

Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA

DES-CBC3-SHA is the cipher that the PCI security compliance report flags for CVE-2016-2183.


Solution:
Update PCNS 4.2 to the latest version.


Alternatively, you can disable the use of this cipher as follows:


On Windows

1. Stop the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net stop pcns1

2. In the PowerChute Network Shutdown JRE folder (C:\Program Files\APC\PowerChute\jre_x64), open the file lib\security\java.security in a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms.

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net start pcns1

On Linux

1. Stop the PowerChute Network Shutdown service.

You can do this from a terminal window with the following command:

service PowerChute stop

2. In the PowerChute Network Shutdown JRE folder (/opt/APC/PowerChute/jre1.8.0_91), open the file lib/security/java.security in a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms.

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this from a terminal window with the following command:

service PowerChute start
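
The Linux edit in step 2 can be scripted so that it is repeatable and safe to run twice. The shell functions below are an added example, not APC's own tooling; the function names are hypothetical, and the script assumes the property already lists at least one algorithm, as in the line shown above.

```shell
#!/bin/sh
# Added example, not APC code. Function names are hypothetical.
# Assumes the property already lists at least one algorithm.

KEY_RE='^[[:space:]]*jdk\.tls\.disabledAlgorithms[[:space:]]*='

# Succeeds if DESede is an entry of the effective (last) definition.
# Backslash-continued lines are joined before the list is split.
has_desede() {
    awk '
        /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ { inprop = 1; text = "" }
        inprop { text = text $0; if ($0 !~ /\\$/) inprop = 0 }
        END {
            sub(/^[^=]*=/, "", text)
            gsub(/\\/, "", text)
            n = split(text, item, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[i])
                if (item[i] == "DESede") found = 1
            }
            exit(found ? 0 : 1)
        }' "$1"
}

# Adds DESede once; returns 2 if the property is missing (commented-out
# lines do not count). The original file is kept as <file>.bak.
disable_desede() {
    file=$1
    grep -Eq "$KEY_RE" "$file" || { echo "property not found: $file" >&2; return 2; }
    if has_desede "$file"; then echo "DESede already disabled"; return 0; fi
    cp -p "$file" "$file.bak" || return 1
    # Insert at the head of the list so continuation lines stay untouched.
    sed -E "s/(${KEY_RE}[[:space:]]*)/\\1DESede, /" "$file.bak" > "$file" || return 1
    has_desede "$file" && echo "DESede added, backup in $file.bak"
}

# Run against a file only when a path is given on the command line.
[ "$#" -eq 0 ] || disable_desede "$1"
```

Run it with the service stopped, passing the java.security path from step 2. After the restart, a repeat SSLScan of port 6547 should no longer list DES-CBC3-SHA as accepted.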
