Instance Scan Findings - Triple DES Usages in Password2 Fields

piyushrusia1998
Tera Contributor

Hi All,
While doing instance checks on my instance, which is on the Washington release, I am getting 2 findings in the check "Triple DES Usages in Password2 Fields", but I don't know how to resolve these findings. Is this to be done by me, or will it be updated by ServiceNow in an upcoming patch? This is also one of the critical updates pending.


3 REPLIES

XvE
Tera Contributor

Hi,

 

Check out KB1443041 on the support site.

That will run you through the steps to deprecate 3DES encryption.

Unfortunately, that doesn't seem to remove the Instance Scan finding.

However, looking at the script that checks for this finding, you should simply be able to update the attribute of the 2 records to not have the use_legacy_glideencrypter or is_legacy_password2 attributes.

Once you've run through the KB, those won't be used any more anyway.

 

Hope this helps.

shrikarvs
Tera Contributor

Hi, we have the same findings. Can you let me know what you did with the findings?

 

Thanks for your help.

XvE
Tera Contributor

For our instance, I resolved this by adding the attribute: 

use_instance_level_glideencrypter=true

That way, it will be excluded from the scan.

It does mean customizing the OOB dictionary entries, but hopefully SN will come up with a permanent solution at some point.

My SN support case ran out of steam when they mentioned that the checks are there solely to inform you to do something, but they never provided an actual solution.