Description
In EPM 2017.3, the CBA8 Root Certification Authority still uses SHA1 as its signature algorithm.
This certificate is present on clients and may be noticed on communications to the EPM agent. Security scanners may flag it; however, it does not pose an inherent vulnerability.
This certificate is used only to sign the client's local client certificate, not to secure any communications. The client certificate uses SHA256, and it is the client certificate, not the CBA8 Root Certification Authority certificate, that secures communications sent from the agent.
Ivanti is looking into addressing this in a future release.
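
To confirm on a client which certificate carries the SHA1 signature and which uses SHA256, the following PowerShell can be used when triaging the scanner finding. It is an added example, not Ivanti code. It assumes the certificates are visible in the LocalMachine certificate stores and that their subject or issuer contains the string "CBA8"; the page states neither, so adjust the path and filter for your deployment.

```powershell
# Added example (not Ivanti code): report the signature algorithm of each
# certificate and separate the root CA from the certificates it issued.
function Get-CertSignatureAssessment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # FriendlyName is a string such as "sha1RSA" or "sha256RSA".
        $algorithm = $Certificate.SignatureAlgorithm.FriendlyName
        $isSha1    = $algorithm -like 'sha1*'
        # A root CA certificate is self-issued: subject and issuer are identical.
        $isRoot    = $Certificate.Subject -eq $Certificate.Issuer

        if ($isSha1 -and $isRoot) {
            $assessment = 'SHA1 on the root CA: the scanner finding described above'
        } elseif ($isSha1) {
            $assessment = 'SHA1 on an issued certificate: differs from the description, investigate'
        } else {
            $assessment = 'No SHA1 signature'
        }

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            Issuer             = $Certificate.Issuer
            SignatureAlgorithm = $algorithm
            IsRoot             = $isRoot
            Assessment         = $assessment
        }
    }
}

# Assumption: store location and the "CBA8" name filter (see the lead-in).
Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $_.Subject -like '*CBA8*' -or $_.Issuer -like '*CBA8*' } |
    Get-CertSignatureAssessment |
    Format-List
```

For a certificate held as a file rather than in a store, load it with `[System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)` and pipe the object to the same function.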