|
IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
|
|
192.168.43.254,,22,tcp,5.3,Medium,80,"Mitigation","Weak (Small) Public Key Size(s) (SSH)","The remote SSH server uses a weak (too small) public key
|
|
size.","The remote SSH server uses a public RSA key with the following weak (too small) size: 1024
|
|
",1.3.6.1.4.1.25623.1.0.150712,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,cb1c927f-f22c-487e-a50d-78fc07cc66a4,"A man-in-the-middle attacker can exploit this vulnerability to
|
|
record the communication to decrypt the session key and even the messages.","'- <= 1024 bit for RSA based keys:
|
|
|
|
Install a RSA public key length of 2048 bits or greater, or to switch to more secure key types.","","'- <= 1024 bit for RSA based keys:
|
|
|
|
Best practices require that RSA digital signatures be 2048 or more bits long to provide adequate
|
|
security. Key lengths of 1024 are considered deprecated since 2011.","Checks the public key size of the remote SSH server.
|
|
|
|
Currently weak (too small) key sizes are defined as the following:
|
|
|
|
- <= 1024 bit for RSA based keys
|
|
Details:
|
|
Weak (Small) Public Key Size(s) (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.150712)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
192.168.43.254,,22,tcp,5.3,Medium,80,"Mitigation","Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak key
|
|
exchange (KEX) algorithm(s).","The remote SSH server supports the following weak KEX algorithm(s):
|
|
|
|
KEX algorithm | Reason
|
|
-------------------------------------------------------------------------------------------
|
|
diffie-hellman-group-exchange-sha1 | Using SHA-1
|
|
diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1
|
|
",1.3.6.1.4.1.25623.1.0.150713,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,e3d2ef23-a81e-4bda-89d3-9df48b617136,"An attacker can quickly break individual connections.","Disable the reported weak KEX algorithm(s)
|
|
|
|
- 1024-bit MODP group / prime KEX algorithms:
|
|
|
|
Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.","","'- 1024-bit MODP group / prime KEX algorithms:
|
|
|
|
Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key
|
|
exchange. Practitioners believed this was safe as long as new key exchange messages were generated
|
|
for every connection. However, the first step in the number field sieve-the most efficient
|
|
algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime.
|
|
|
|
A nation-state can break a 1024-bit prime.","Checks the supported KEX algorithms of the remote SSH server.
|
|
|
|
Currently weak KEX algorithms are defined as the following:
|
|
|
|
- non-elliptic-curve Diffie-Hellmann (DH) KEX algorithms with 1024-bit MODP group / prime
|
|
|
|
- ephemerally generated key exchange groups uses SHA-1
|
|
|
|
- using RSA 1024-bit modulus key
|
|
Details:
|
|
Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.150713)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
192.168.43.254,,23,tcp,4.8,Medium,70,"Mitigation","Telnet Unencrypted Cleartext Login","The remote host is running a Telnet service that allows cleartext logins over
|
|
unencrypted connections.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.108522,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,e66dea6a-7c69-4e7c-bf12-afec6f9d303f,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
Telnet service.","Replace Telnet with a protocol like SSH which supports encrypted connections.","","","
|
|
Details:
|
|
Telnet Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108522)
|
|
Version used: 2023-10-13T13:06:09+08:00
|
|
","","","",""
|
|
192.168.43.254,,22,tcp,4.3,Medium,80,"Mitigation","Weak Encryption Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak
|
|
encryption algorithm(s).","The remote SSH server supports the following weak client-to-server encryption algorithm(s):
|
|
|
|
3des-cbc
|
|
aes128-cbc
|
|
aes256-cbc
|
|
des-cbc
|
|
|
|
|
|
The remote SSH server supports the following weak server-to-client encryption algorithm(s):
|
|
|
|
3des-cbc
|
|
aes128-cbc
|
|
aes256-cbc
|
|
des-cbc
|
|
",1.3.6.1.4.1.25623.1.0.105611,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,a18578bf-ecb3-4295-baee-589a748fa9f6,"","Disable the reported weak encryption algorithm(s).","","'- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit
|
|
keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour
|
|
(and RC4) has problems with weak keys, and should not be used anymore.
|
|
|
|
- The 'none' algorithm specifies that no encryption is to be done. Note that this method provides
|
|
no confidentiality protection, and it is NOT RECOMMENDED to use it.
|
|
|
|
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
|
|
recover plaintext from a block of ciphertext.","Checks the supported encryption algorithms (client-to-server
|
|
and server-to-client) of the remote SSH server.
|
|
|
|
Currently weak encryption algorithms are defined as the following:
|
|
|
|
- Arcfour (RC4) cipher based algorithms
|
|
|
|
- 'none' algorithm
|
|
|
|
- CBC mode cipher based algorithms
|
|
Details:
|
|
Weak Encryption Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.105611)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
192.168.43.254,,443,tcp,4.3,Medium,98,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0
|
|
and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.1 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT.
|
|
",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,b5b53911-4a4c-4304-8770-18bbcfc886fa,"An attacker might be able to use the known cryptographic flaws
|
|
to eavesdrop the connection between clients and the service to get access to sensitive data
|
|
transferred within the secured connection.
|
|
|
|
Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
|
|
anymore.","It is recommended to disable the deprecated TLSv1.0 and/or
|
|
TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more
|
|
information.","All services providing an encrypted communication using the
|
|
TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic
|
|
flaws like:
|
|
|
|
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
|
|
|
|
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy
|
|
Encryption (FREAK)","Check the used TLS protocols of the services provided by this
|
|
system.
|
|
Details:
|
|
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
|
|
(OID: 1.3.6.1.4.1.25623.1.0.117274)
|
|
Version used: 2023-10-21T00:09:12+08:00
|
|
","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408,DFN-CERT-2016-1372,DFN-CERT-2016-1164,DFN-CERT-2016-0388,DFN-CERT-2015-1853,DFN-CERT-2015-1332,DFN-CERT-2015-0884,DFN-CERT-2015-0800,DFN-CERT-2015-0758,DFN-CERT-2015-0567,DFN-CERT-2015-0544,DFN-CERT-2015-0530,DFN-CERT-2015-0396,DFN-CERT-2015-0375,DFN-CERT-2015-0374,DFN-CERT-2015-0305,DFN-CERT-2015-0199,DFN-CERT-2015-0079,DFN-CERT-2015-0021,DFN-CERT-2014-1414,DFN-CERT-2013-1847,DFN-CERT-2013-1792,DFN-CERT-2012-1979,DFN-CERT-2012-1829,DFN-CERT-2012-1530,DFN-CERT-2012-1380,DFN-CERT-2012-1377,DFN-CERT-2012-1292,DFN-CERT-2012-1214,DFN-CERT-2012-1213,DFN-CERT-2012-1180,DFN-CERT-2012-1156,DFN-CERT-2012-1155,DFN-CERT-2012-1039,DFN-CERT-2012-0956,DFN-CERT-2012-0908,DFN-CERT-2012-0868,DFN-CERT-2012-0867,DFN-CERT-2012-0848,DFN-CERT-2012-0838,DFN-CERT-2012-0776,DFN-CERT-2012-0722,DFN-CERT-2012-0638,DFN-CERT-2012-0627,DFN-CERT-2012-0451,DFN-CERT-2012-0418,DFN-CERT-2012-0354,DFN-CERT-2012-0234,DFN-CERT-2012-0221,DFN-CERT-2012-0177,DFN-CERT-2012-0170,DFN-CERT-2012-0146,DFN-CERT-2012-0142,DFN-CERT-2012-0126,DFN-CERT-2012-0123,DFN-CERT-2012-0095,DFN-CERT-2012-0051,DFN-CERT-2012-0047,DFN-CERT-2012-0021,DFN-CERT-2011-1953,DFN-CERT-2011-1946,DFN-CERT-2011-1844,DFN-CERT-2011-1826,DFN-CERT-2011-1774,DFN-CERT-2011-1743,DFN-CERT-2011-1738,DFN-CERT-2011-1706,DFN-CERT-2011-1628,DFN-CERT-2011-1627,DFN-CERT-2011-1619,DFN-CERT-2011-1482,WID-SEC-2023-1435,CB-K18/0799,CB-K16/1289,CB-K16/1096,CB-K15/1751,CB-K15/1266,CB-K15/0850,CB-K15/0764,CB-K15/0720,CB-K15/0548,CB-K15/0526,CB-K15/0509,CB-K15/0493,CB-K15/0384,CB-K15/0365,CB-K15/0364,CB-K15/0302,CB-K15/0192,CB-K15/0079,CB-K15/0016,CB-K14/1342,CB-K14/0231,CB-K13/0845,CB-K13/0796,CB-K13/0790",""
|
|
192.168.43.254,,22,tcp,2.6,Low,80,"Mitigation","Weak MAC Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak MAC
|
|
algorithm(s).","The remote SSH server supports the following weak client-to-server MAC algorithm(s):
|
|
|
|
hmac-md5
|
|
hmac-md5-96
|
|
hmac-sha1-96
|
|
|
|
|
|
The remote SSH server supports the following weak server-to-client MAC algorithm(s):
|
|
|
|
hmac-md5
|
|
hmac-md5-96
|
|
hmac-sha1-96
|
|
",1.3.6.1.4.1.25623.1.0.105610,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,36cbd53f-7570-46cd-85da-69fc45122492,"","Disable the reported weak MAC algorithm(s).","","","Checks the supported MAC algorithms (client-to-server and
|
|
server-to-client) of the remote SSH server.
|
|
|
|
Currently weak MAC algorithms are defined as the following:
|
|
|
|
- MD5 based algorithms
|
|
|
|
- 96-bit based algorithms
|
|
|
|
- 64-bit based algorithms
|
|
|
|
- 'none' algorithm
|
|
Details:
|
|
Weak MAC Algorithm(s) Supported (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.105610)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
192.168.43.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 3937692180
|
|
Packet 2: 3937693260
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,f1c5a816-e7e0-4f5f-a28d-40e4b000ca66,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
192.168.43.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,f324c7c4-31d7-47bd-866e-e976d4c1e546,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
192.168.43.254,,,,2.1,Low,80,"Mitigation","ICMP Netmask Reply Information Disclosure","The remote host responded to an ICMP netmask request.","Received Netmask: 255.255.255.0
|
|
",1.3.6.1.4.1.25623.1.0.146440,"CVE-1999-0524",2c98cf4e-68f9-46e3-868b-433d63bb8a3d,"43.0-1-4",2024-06-06T12:02:37+08:00,9670b4b2-55c8-493e-8aad-e4241fdcdf99,"This information might give an attacker information for further
|
|
reconnaissance and/or attacks (e.g. subnet structure, filter bypass, etc.).","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP netmask on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Netmask Reply is an ICMP message which replies to a Netmask
|
|
message.","
|
|
Details:
|
|
ICMP Netmask Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.146440)
|
|
Version used: 2022-11-17T18:12:09+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
