Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows