DCO DR 8.2.7 vulnerability - General remote services

Pothan · ‎2020-12-09

HI,

One of our client found the vulnerability on DCO DR version 8.2.7 which is mentioned as below:

38142

SSL Server Allows Anonymous Authentication Vulnerability

4

Active

5432

General remote services

5.1

Disable support for anonymous authentication to mitigate this vulnerability.

Tried upgrading the version to 8.3 but it failed. Even the fresh installation would need lots of approval from customer side which would take more month. right now, customer wanted to resolve this in quick. In the mean-time, do we have any solution to remediate this vulnerability for 8.2.7 other than fresh installation? any suggestions please?

gsterling · ‎2020-12-22

Hello

In regards to your post. The tools referenced by the CVE's in this post are not tools we typically include out of box with DCO 8.2.7. Were these tools added by your staff?

Regards

Greg Sterling