Nagios NRPE Vulnerability Issue

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
tinut89
Posts: 13
Joined: Tue Mar 05, 2019 6:52 am

Nagios NRPE Vulnerability Issue

Post by tinut89 »

Hi ,

Around 500 machines is getting vulnerability issue on port 5666 [Nrpe Client]

NRPE Version using on server is 2.13 which is old version I know.

Vulnerability Details.

1.TLS Server Supports TLS version 1.0
2.TLS Server Supports TLS version 1.1
3.TLS/SSL Server is enabling the BEAST attack
4.TLS/SSL Server is enabling the POODLE attack
5.TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)
6.TLS/SSL Server Supports The Use of Static Key Ciphers


Is there any option to fix this without upgrading the NRPE Client ?

Note: I am not using any SSL on Nagios Server and Nagios Client.

Regards.
Tinu
Top
User avatar
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Nagios NRPE Vulnerability Issue

Post by mbellerue »

Unfortunately no, there's no real workaround here. The NRPE clients are just old and need to be updated.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
Locked

Return to “Nagios XI”