Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.
Posted: 2021-06-30 08:30 AM
This was originally posted on APC forums on 5/11/2009
We are using APC PowerChute Business Edition 7.0.5 with 4 Agents of 8.0.1 on Windows Server 2003 machines. We run the Nessus security scanner against it, and it reports two "serious" problems with TCP port 2161 used by APC: SSL Server Allows Anonymous Authentication Vulnerability and SSL Server Supports Weak Encryption Vulnerability. Attaching the full output of the errors below:
SSL Weak Cipher Suites Supported
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 26928
First, I'm not convinced that this isn't a false positive. Can anyone confirm that APC PowerChute uses SSL to connect between the client and management server (I think that's what port 2161 is for)? I could find nothing via Google or on the APC web site to that effect. Note that I'm just talking about PowerChute with standard Smart-UPS batteries.
Any help would be great, trying to pass scans for auditors, and this throws a couple huge yellow flags up.
Posted: 2021-06-30 08:30 AM
This was originally posted on APC forums on 5/13/2009
So this should be a non-issue? Shouldnt APC and Nessus work out that it should not be a vulnerability?
I just need some concrete evidance from APC about this before we have to remove their software for the UPS's.
Do you know if a newer version of the console, the paid for 8.0.1 version, would fix this?
Posted: 2021-06-30 08:30 AM
This reply was originally posted by Angela on APC forums on 5/11/2009
[here is a thread on some of these issues|http://forums.apc.com/spaces/4/back-ups-surge-protectors/forums/general/4573/3-month-old-xs-900-turn...].
Ports Used by Powerchute Business Edition:
TCP
2161 - Communication between Server and Agent
2160 - Communication between Console and server (PCBE 6.x)
2260 - Communication between Console and server (PCBE 7.x)
3052 - Agent Web UI and Logging features
UDP
2161 - Discovery of Agents by Server
2160 - Discovery of Servers by Console
7846 - Business Edition SNMP Agent
Posted: 2021-06-30 08:30 AM
This was originally posted on APC forums on 5/13/2009
So this should be a non-issue? Shouldnt APC and Nessus work out that it should not be a vulnerability?
I just need some concrete evidance from APC about this before we have to remove their software for the UPS's.
Do you know if a newer version of the console, the paid for 8.0.1 version, would fix this?
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.