Vulnerability in SSL 3.0 Could Allow Information Disclosure

  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Group Policy
    You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Turn Off Encryption Support Group Policy Object.
    1. Open Group Policy Management.
    2. Select the group policy object to modify, right click and select Edit.
    3. In the Group Policy Management Editor, browse to the following setting: Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Explorer Control Panel -> Advanced Page -> Turn Off Encryption Support
    4. Double-click the Turn off Encryption Support setting to edit the setting.
    5. Click Enabled.
    6. In the Options window, change the Secure Protocol combinations setting to “Use TLS 1.0, TLS 1.1, and TLS 1.2”.
    7. Click OK.
  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer
    You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Advanced Security settings in Internet Explorer. To change the default protocol version to be used for HTTPS requests, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab.
    3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
    4. Click OK.
    5. Exit and restart Internet Explorer.
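
To confirm that either procedure above took effect on a client, the following added example (not part of the original advisory text) reads the Internet Explorer SecureProtocols setting and decodes which protocol versions it enables. The registry locations and flag values are assumptions taken from general Windows documentation, not from this page, and the function name is hypothetical.

```powershell
# Added example: decode the SecureProtocols bitmask to confirm SSL 3.0 is off.
# Flag values and registry paths are assumptions from general Windows
# documentation; they do not appear on this page.
$Flags = [ordered]@{
    'SSL 2.0' = 0x0008
    'SSL 3.0' = 0x0020
    'TLS 1.0' = 0x0080
    'TLS 1.1' = 0x0200
    'TLS 1.2' = 0x0800
}

# Hypothetical helper: turn the DWORD into a list of enabled protocol names.
function ConvertFrom-SecureProtocols {
    param([Parameter(Mandatory)][int]$Value)
    $enabled = foreach ($name in $Flags.Keys) {
        if ($Value -band $Flags[$name]) { $name }
    }
    [pscustomobject]@{
        Value       = '0x{0:X4}' -f $Value
        Enabled     = @($enabled)
        Ssl3Enabled = [bool]($Value -band $Flags['SSL 3.0'])
    }
}

# The two Policies keys are written by the Group Policy setting; the last key
# is the per-user value written by the Internet Options dialog.
$Locations = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
)

foreach ($path in $Locations) {
    $item = Get-ItemProperty -Path $path -Name SecureProtocols -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$path : SecureProtocols not set"
        continue
    }
    $r = ConvertFrom-SecureProtocols -Value $item.SecureProtocols
    $state = if ($r.Ssl3Enabled) { 'SSL 3.0 STILL ENABLED' } else { 'SSL 3.0 disabled' }
    Write-Output ('{0} : {1} [{2}] -> {3}' -f $path, $r.Value, ($r.Enabled -join ', '), $state)
}
```

After the Group Policy change, run `gpupdate /force` on the client first so the policy value is present before checking it.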

Disable OTP Sophos UTM 9.2 via Shell

Dang it! I also locked myself out of the webadmin on Sophos UTM 9.2 while trying out their OTP function with Google Authenticator.

Here’s how I fixed this problem:

Log in to the Firewall Console Interface as root
at the / type
cc
then auth and press enter,
it will list out:
ad_sso
auto_add_to_facility@
auto_add_users$
block
cache_lifetime$
edir_sso
otp
servers@

Type otp and press enter,
it will list out:
auto_create_token$
default_timestep$
facilities@
require_all_users$
required_users@
status$

Type facilities@ and press enter,
finally listing:
0 webadmin
1 portal
2 ipsec
3 openvpn

Type -0 and press enter, where it will redisplay (in this case)
0 portal
1 ipsec
3 openvpn

Log in as admin to your firewall via the webadmin!!!