Problem Note 35907: Man-in-the-middle/downgrade attacks could cause credentials to improperly encrypt during the initial login from a SAS® client
 |  |  |  |  |
A Man–in–the–middle/downgrade attack can be performed on SAS clients. As a result, the credentials might not encrypt properly during the initial login from a SAS client.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | Base SAS | Microsoft® Windows® for 64-Bit Itanium-based Systems | 9.1 TS1M3 SP4 | 9.2 TS2M2 |
| Microsoft Windows Server 2003 Datacenter 64-bit Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows Server 2003 Enterprise 64-bit Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows XP 64-bit Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows 2000 Advanced Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Datacenter Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Professional | 9.1 TS1M3 SP4 | |||
| Microsoft Windows NT Workstation | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Datacenter Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows Server 2003 Enterprise Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows Server 2003 Standard Edition | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Microsoft Windows XP Professional | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Windows Vista | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| 64-bit Enabled AIX | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| 64-bit Enabled HP-UX | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| 64-bit Enabled Solaris | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| HP-UX IPF | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Linux | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Linux on Itanium | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| OpenVMS Alpha | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Solaris for x64 | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
| Tru64 UNIX | 9.1 TS1M3 SP4 | 9.2 TS2M2 | ||
A fix for this issue for SAS Information Map Studio 3.1 is available at:
http://www.sas.com/techsup/download/hotfix/ims31.html#035907A fix for this issue for SAS Management Console 9.1.3 is available at:
http://www.sas.com/techsup/download/hotfix/smc913.html#035907A fix for this issue for SAS Integration Technologies Client for Windows 9.1.3 is available at:
http://www.sas.com/techsup/download/hotfix/itclient913.html#035907A fix for this issue for SAS Information Delivery Portal 9.1.3 is available at:
http://www.sas.com/techsup/download/hotfix/idp913.html#035907| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2009-05-15 09:25:36 |
| Date Created: | 2009-05-13 11:03:07 |