Closed matiya closed 2 years ago
@AssafMiron in the 'PVWA_Cryptography_Settings' function, this variable needs updating from:
$value = "yes"
to
$value = "value.value"
Using this will provide the value of 'AdvancedFIPSCryptography' in the $currentvalue variable.
@matiya are you able to update this line and confirm?
Cheers
Nathan
I have created a pull request with updated code to fix this issue.
@NathTheDude Tested again with the changes in the pull request and now it works:
Thank you!
That's good; however, in my lab I did see something a bit weird.
In the end report if that specific test passed it will actually lower the overall total percentage of the hardening score.
Do you see the same?
Yes, that has been the case for me so far. The more errors I correct, the lower the Hardening Status:
Hi @NathTheDude-zz and @matiya, I uploaded a new branch with a fix to these issues - see #66. Would you mind checking if it solves the issues like you saw them (both the hardening percentage and the fixes from @NathTheDude-zz on Cryptography settings)?
Thanks, Assaf
With PAS 11.4 and the master branch of this repo I get in the report:
In C:\inetpub\wwwroot\PasswordVault\web.config I have added the line:
<add key="AdvancedFIPSCryptography" value="yes" />
Under the node appSettings. I can even see the property in the config:
with the variables $iisPath and $filter as defined here: https://github.com/cyberark/CYBRHardeningCheck/blob/d6d7fe7e1974890f73d6a48d3810decbff235368/CYBRHardeningCheck/PVWA/PVWAHardeningSteps.psm1#L177
Unfortunately I don't know enough Windows or PowerShell to correct the issue.
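The setting described in this report can be checked independently of the hardening script by reading the appSettings entry straight from web.config. This is an added PowerShell example, not code from CYBRHardeningCheck; the function name `Test-PvwaFipsSetting`, its result object and the sample file are assumptions made for illustration.

```powershell
# Added example; the function name and result shape are hypothetical, not from CYBRHardeningCheck.
function Test-PvwaFipsSetting {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,
        [string]$Key = 'AdvancedFIPSCryptography',
        [string]$Expected = 'yes'
    )
    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'Error'; Values = @(); Detail = "File not found: $ConfigPath" }
    }
    $xml = New-Object System.Xml.XmlDocument
    try {
        # Resolve to a full path: XmlDocument.Load does not use the PowerShell location.
        $xml.Load((Resolve-Path -LiteralPath $ConfigPath).ProviderPath)
    } catch {
        return [pscustomobject]@{ Status = 'Error'; Values = @(); Detail = "Cannot parse: $($_.Exception.Message)" }
    }
    # local-name() keeps the query working whether or not <configuration> declares a namespace.
    $xpath = "/*[local-name()='configuration']/*[local-name()='appSettings']/*[local-name()='add']"
    # PowerShell's -eq is case-insensitive, so the key name matches regardless of casing.
    $values = @($xml.SelectNodes($xpath) |
        Where-Object { $_.GetAttribute('key') -eq $Key } |
        ForEach-Object { $_.GetAttribute('value') })
    if ($values.Count -eq 0) {
        return [pscustomobject]@{ Status = 'Fail'; Values = @(); Detail = "$Key not found under appSettings" }
    }
    # Compare the attribute value itself; every matching entry must carry the expected value.
    $bad = @($values | Where-Object { $_ -ne $Expected })
    $status = if ($bad.Count -eq 0) { 'Pass' } else { 'Fail' }
    [pscustomobject]@{ Status = $status; Values = $values; Detail = "$($values.Count) entry(ies) for $Key" }
}

# Constructed sample file so the example runs without a PVWA install.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'web.sample.config'
@'
<configuration>
  <appSettings>
    <add key="AdvancedFIPSCryptography" value="yes" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8
Test-PvwaFipsSetting -ConfigPath $sample
Remove-Item -LiteralPath $sample
```

On a PVWA server, pass the path from the report above (`C:\inetpub\wwwroot\PasswordVault\web.config`) as `-ConfigPath`.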