Community Help Hub

User70780405 · ‎06-18-2020

We are getting Nessus Alerts for the 2 Plugins listed in the Summary. Our Client will not accept KB82163 as a solution to suppress the scans. What are some of the alternatives to fixing this issue without effecting the operational performance of ePO? Can you change the Common Name and Subject Alt name of the self-signed cert? We have 3 AH with one being the main 5.10 console and the other 2 sitting in the AWS cloud. Trying to find a way to show a modified snapshot of our Nessus scan results for each Plugin to help visualize the finding.

cdinet · ‎06-18-2020

Please open a ticket with McAfee for any vulnerability questions like that and they almost always have to go to development.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

User70780405

Did anyone open a McAfee ticket and get a response to this issue? We are encountering the same thing. Client was going to accept a variance based on KB82163 but now wants to find a solution. Can these certs be loaded to the Nessus scanner to avoid them from flagging during scans?

cdinet

I don't know if you can upload them to nessus or not, we are not familiar with its functionality. The KB given is development's official statement regarding those flags. The only certificate that can be changed in epo is the browser cert, which is not involved with ports 8444 or 443. KB72477 tells how to create custom browser cert that includes subjectalt field, but it is not yet available with the default Orion CA cert. Regarding their statement:

The ePO engineering team has researched the findings and concluded that ePO is not vulnerable to the reported findings. Research found that because ports 8444 and 443 are not meant for browsing using a browser.
They are accessed from the McAfee Agent, Agent Handler, or other ePO internal service. The certificate trust is built on OrionCA which is generated per ePO install.

Regarding all warnings, the exception noted for QID 38173 applies:

The ePO server and Agent Handler components communicate only with a restricted set of clients who have the trusted certificate chain. The CA certificate is not available publicly and can't be verified remotely.

In addition, to prevent future concern on the part of Qualys customers, McAfee has filed an enhancement request to address QID 38170. The request is to set the subjectAltName value as advised by the QID.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Community Help Hub

Join the Community