Hi, a customer made a vulnerability assesment on a couple of TSEs machines in a System Platform Architecture and a client machine of WorkTasks, and discovered that on these machines are enabled some encryption ciphers that are deprecated, and their intention is to disable them via register key.
The ciphers in question are DES, 3DES, IDEA and RC2, and this is the vulnerability encountered:
"Legacy block ciphers with block sizes of 64 bits are vulnerable to a practical collision attack when used in CBC mode.".
Do you know if these ciphers are actually used by the platform/WT?
Is the pocess of disabilitation via register key supported by System Platform/WT?
The only information i found on the case database is the case 960148297, where it is said that for the RC4 cipher disabilitation there is no standard procedure by AVEVA.
Do you have any additional official information on this topic?
Thank you.
