MOHIT_125417
May 22, 2015Altostratus
SSL/TLS use of weak RC4 cipher
Dear Geeks,
As per Infosec subjected vulnerability found during the scan on one of the VIP hosted on the loadbalancer.
I googled & found the below solution to mitigate the same:
Solution: RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.
Can somebody guide me what is basically the Impact of this vulnerability & any prerequesite on Loadbalacner & Backed servers. Please help here.