July 23rd, 2015 02:00

Vulnerability scan reports "SSL Server Allows Anonymous Authentication Vulnerability" on port 2606

Our Equallogics are running the latest firmware (8.03). I have "secure access only" checked, legacy-crypto disabled, SSHv1 disabled.

Does anyone know how to resolve this vulnerability? As far as I understand, this SSL server on port 2606 has something to do with SupportAssist.

I'm fine to just turn this feature off, if only I could figure out how.

Thanks!

July 23rd, 2015 21:00

I sent an email regarding this to support, but it was not acknowledged and I thought I might have better luck here!

Thanks for your reply. Actually, the vulnerability is not identified for port 443, but rather for port 2606. I'm still not entirely clear what port 2606 is used for (apparently something with Support Assist, but we're not even using that). We're running SANHQ, but I don't see any connections from it to the Equallogics on this port. As far as I know it's using SNMP and Syslog for communication.

Please provide me with more info if you can, especially regarding this vulnerability as it pertains to port 2606.

Thanks!
