Sweet32 errors when Atera/Splashtop installed on machine

billy Member Posts: 10
edited December 2023 in Remote Monitoring

I've been getting some machines ready for a Cyber Essentials Plus audit and it has been failing constantly on a Sweet32 vulnerability. Couldn't figure it out, but when I remove both Atera and Splashtop it passes without issue.

Anyone else seeing this or aware of it? On port 9527/tcp.

Comments

  • [Deleted User] Posts: 0 ✭✭

    Hey @billy I want to tackle this with our support team. Did you raise a ticket with them as well?

  • billy Member Posts: 10
    edited July 2023

  • tanderson Member Posts: 279 ✭✭✭✭

    @billy The Sweet32 vulnerability is an attack on older block ciphers that use a 64-bit block size. The issue arises due to the birthday problem in cryptography, where after a certain amount of traffic (which is actually not that high in modern terms), collisions can occur in the cipher block, allowing an attacker to begin to deduce information about the plain text. This vulnerability mainly affects 3DES and Blowfish encryption protocols.

    Software vendors should address such vulnerabilities by either implementing a newer, more secure protocol, or by using the old protocol in a way that minimizes the vulnerability (for instance, by forcing re-keying before too much traffic is sent with a single key). If Atera and Splashtop are causing your systems to fail the Cyber Essentials Plus audit due to this vulnerability, it's possible they are either still using these vulnerable protocols, or their implementation of these protocols is flawed.

    Port 9527/tcp is not a well-known port, and different applications might use it for various purposes. If this port is showing up as vulnerable in your audit, it could be that either Atera or Splashtop, or both, are using it in a way that is susceptible to the Sweet32 attack.

    If you've narrowed the problem down to these two applications, it would be a good idea to reach out to their respective support teams for assistance. They might have a patch available or be able to provide guidance on how to configure their software to pass the audit. It's also possible that this is a known issue they're working to resolve.
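
An added example, not part of the thread or of any vendor's tooling: a check that reads scanner output in the layout of nmap's `ssl-enum-ciphers` script, lists the cipher suites on a port that use a 64-bit block cipher, and evaluates the birthday approximation the reply above refers to. The scan text is a constructed sample (not a scan of Atera or Splashtop), and the function names are hypothetical.

```python
import math
import re

# Suite-name tokens that indicate a 64-bit block cipher (the Sweet32 class).
# 3DES is the one that matters most in TLS; DES, IDEA and RC2 are the other
# 64-bit block ciphers that appear in TLS/SSL suite names.
BLOCK64_TOKENS = ("3DES", "DES_CBC", "DES40", "IDEA", "RC2")

# Constructed sample in the layout of nmap's ssl-enum-ciphers output.
# It is NOT a scan of Atera or Splashtop.
SAMPLE_SCAN = """\
9527/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""

SUITE_RE = re.compile(r"\b((?:TLS|SSL)_[A-Z0-9_]+)\b")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open")

def sweet32_findings(scan_text):
    """Return [(port, suite)] for every offered suite using a 64-bit block cipher."""
    findings, port = [], None
    for line in scan_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port = int(m.group(1))
            continue
        s = SUITE_RE.search(line)
        if s and any(tok in s.group(1) for tok in BLOCK64_TOKENS):
            findings.append((port, s.group(1)))
    return findings

def collision_probability(data_bytes, block_bits=64):
    """Birthday approximation: P(some ciphertext block repeats) under one key."""
    blocks = data_bytes / (block_bits // 8)
    return 1.0 - math.exp(-blocks * (blocks - 1) / 2.0 ** (block_bits + 1))

if __name__ == "__main__":
    for port, suite in sweet32_findings(SAMPLE_SCAN):
        print(f"{port}/tcp offers {suite}")
    for gib in (1, 8, 32):
        print(f"{gib:>2} GiB, one key: P(collision) = {collision_probability(gib * 2**30):.3f}")
```

An empty result for the audited port means no 64-bit block cipher suite was listed in that scan output.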

  • billy Member Posts: 10

    I have..

    Stated that not Atera, but possible location-specific issue with Splashtop

  • nina Internal Posts: 428 ✭✭✭✭✭

    Hi @billy - Are you still seeing this issue? All good?