Its important to note, that this legislation its not only applicable for Citrix but for all brands that sell devices in order to maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. "Yes this is correct, the delay started after the California Password legislation AB 1906 release, which caused an entire code review not only for the DropBear vulnerability but for the entire software.Įngineering provided the workaround for the DropBear vulnerability, so this can be used as a mitigation measure. "As best practice, Dropbear SSH server will be upgraded to the newer version in an upcoming IPMI/LOM version." -Citrix December 2016 They are still researching what the most current LOM firmware version as they can't seem to give provide that info but somehow are being held up releasing an updated LOM with a fix for a 2016 vulnerability due to a CA law that took effect in Jan 1 2020. I opened a support case due to the security team flagging the MPX LOM with DropBear vulnerability.Īfter researching for a week the support person said Citrix can't release security fixes due to a law.
0 kommentar(er)
