Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Does Disabling the CRL Check on Sensors Open Communications to Man in the Middle Attacks?

Carbon Black Cloud: Does Disabling the CRL Check on Sensors Open Communications to Man in the Middle Attacks?

Environment

  • Carbon Black Cloud Sensor: All Supported Versions 
  • Microsoft Windows: All supported versions

Question

Does disabling the Certificate Revocation List (CRL) check at the time of Sensor install result in the Sensor becoming open to man-in-the-middle attacks?

Answer

Disabling the CRL check does not immediately open the Sensor to man in the middle attacks
  • Disabling of the CRL check could be leveraged for a man in the middle attack if a Sensor/Backend communication certificate is revoked
  • No certificate revocations have occurred for Sensor/Backend communication certificates 

Additional Notes


Related Content


Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
1885
Contributors