Skip to main content
Skip table of contents

Handle the CVE-2021-3449 Vulnerability

An openSSL vulnerability has been found, that can affect Smart ID Digital Access componentThis article describes how to handle the vulnerability.

This vulnerability can affect all versions of Hybrid Access Gateway and Digital Access from 5.13.x to 6.0.4.

According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the handshake between the server and a user.

More details can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449

In order to stay un-affected by this vulnerability in Hybrid Access Gateway and Digital Access, we strongly recommend you to disable the renegotiations in the Access points as shown below.

  1. In Digital Access Admin, go to Manage System > Access points > Edit Access point.
  2. Disable (uncheck) these options:
    1. Allow renegotiation
    2. Renegotiation DoS protection

  3. Go to Manage System > Access points > Manage Global access settings.
  4. Disable (uncheck) Enable legacy renegotiation.

  5. Click Save.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.