27th May 2015

RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i


IBM has published instructions for addressing the RC4 vulnerability in the SSL/TLS protocols on IBM i.

This vulnerability is often referred to as the “Bar Mitzvah Attack”.

IBM says:

“The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information.”

IBM's guidance gives programmers step-by-step instructions for disabling the weak RC4 ciphers on IBM i. IBM i releases 6.1, 7.1 and 7.2 can be affected by this vulnerability.

Users of BCD Software products (now Fresche Solutions) should read the article to make sure their Clover, Nexus, Presto and WebSmart ILE/PHP Apache servers with SSL enabled are secured.

You may also want to review the range of IBM i security, compliance and auditing tools from Raz-Lee Security.

Posted by Paul on 27th May 2015.