CHI-LTD asked:

Pen Test of Externally Facing Services, and recommendations.

Hello

We have had a Pen test of our firewalls, website and ActiveSync SSL cert and got the following results:
(I edited/removed the sensitive data)

3. SUMMARY OF VULNERABILITIES: HIGH / MEDIUM
3.1. VULNERABILITY IMPACT RATINGS
HIGH: Successful exploitation could lead to highly privileged access to the target host or cause a denial of service condition.
Medium: Exploitation of the vulnerability will not directly lead to privileged access to the host, service or data. However, vulnerabilities with a Medium impact can often be combined with other flaws to elevate their impact.
Low: This impact rating is assigned to vulnerabilities that, when exploited in isolation, have a negligible impact on security. Typically vulnerabilities that disclose information that may be useful to the attacker are considered to have a low impact.
3.2. GRAPHICAL SUMMARY
Impact / Ref | Description | Affected Hosts

CVSS: 9.3, Impact/Prob: High/High
OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake.
Affected hosts: IP Add

CVSS: 9.3, Impact/Prob: High/Low
Insecure Protocols Detected
POP3 and FTP are enabled on the remote host. Protocols such as these do not encrypt network traffic sent between client/server.
Affected hosts: IP Add
3.4. MEDIUM IMPACT VULNERABILITIES
The following vulnerabilities have been assigned a Medium impact rating.
Impact / Ref | Description | Affected Hosts

CVSS: 6.4, Impact/Prob: Medium/Medium
SSL Self-Signed Certificate
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Affected hosts: IP Add, IP Add2, IP Add3

CVSS: 6.4, Impact/Prob: Medium/Medium
SSL Certificate Cannot Be Trusted
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.
Affected hosts: IP Add, IP Add2, IP Add3

CVSS: 5.0, Impact/Prob: Medium/Medium
SSL Version 2 and 3 Protocol Detection
The remote service accepts connections encrypted using SSL 2.0 or 3.0, which reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Affected hosts: IP Add, IP Add2, IP Add3

CVSS: 5.0, Impact/Prob: Medium/Medium
Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.
Affected hosts: IP Add2, IP Add3, IP Add4

CVSS: 5.0, Impact/Prob: Medium/Medium
SSL Certificate with Wrong Hostname
The commonName (CN) of the SSL certificate presented on this service is for a different machine.
Affected hosts: IP Add, IP Add2

CVSS: 5.0, Impact/Prob: Medium/Medium
Microsoft Exchange Client Access Server Information Disclosure
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.
Affected hosts: IP Add2

CVSS: 5.0, Impact/Prob: Medium/Medium
SSL Certificate Expiry
Sec-1 checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
Affected hosts: IP Add

CVSS: 4.3, Impact/Prob: Medium/Medium
TLS Padding Oracle Information Disclosure Vulnerability (TLS POODLE)
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the TLS server not verifying block cipher padding when using a cipher suite that employs a block cipher such as AES and DES. The lack of padding checking can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party.
Affected hosts: IP Add2, IP Add3

CVSS: 4.3, Impact/Prob: Medium/Medium
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
Affected hosts: IP Add, IP Add2, IP Add3

CVSS: 4.3, Impact/Prob: Medium/Medium
SSL Weak and Medium Strength Cipher Suites Supported
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
Affected hosts: IP Add

CVSS: 4.0, Impact/Prob: Medium/Medium
SSH Protocol Version 1 Session Key Retrieval
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
Affected hosts: IP Add3
4. ASSESSMENT RESULTS
4.1. OPENSSL 'CHANGECIPHERSPEC' MITM VULNERABILITY
CVSS Score: 9.3 CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C Impact/Probability: High/High
CVE: CVE-2010-5298
Affected: IP Add
The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake.
This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been
exchanged, which causes predictable keys to be used to secure future traffic.
Note that Sec-1 has only tested for an SSL/TLS MiTM vulnerability (CVE-2014-0224). However, Sec-1 has inferred that the OpenSSL service on the remote host is also
affected by six additional vulnerabilities that were disclosed in OpenSSL's June 5th, 2014 security advisory:
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client. (CVE-2014-0221)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
OpenSSL did not release individual patches for these vulnerabilities, instead they were all patched under a single version release. Note that the service will remain
vulnerable after patching until the service or host is restarted.
4.1.1. REMEDIATION
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1
SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
4.1.2. TECHNICAL ANALYSIS
Example: IP Add [port: 8443]
The remote service on port 8443 accepted an early ChangeCipherSpec message, which caused
the MAC and to be derived entirely from public information. The entire SSL
handshake was completed, with the server accepting and producing messages encrypted and
authenticated using these weak keys.
Example: IP Add [port: 443]
The remote
to be derived entirely from public information. The entire SSL
handshake was completed, with the server accepting and producing messages encrypted and
authenticated using these weak keys.
Example: IP Add [port: 25]
The remote
the server accepting and producing messages encrypted and
authenticated using these weak keys.
Example: IP Add [port: 110]
The remote service
to be derived entirely from public information. The entire SSL
handshake was completed, with the server accepting and producing messages encrypted and
authenticated using these weak keys.
4.2. INSECURE PROTOCOLS DETECTED
CVSS Score: 9.3 CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C Impact/Probability: High/Low
Affected: IP Add
An FTP service is accessible on the affected host via the internet. FTP is considered insecure as it does not encrypt network traffic.
Additionally the internal IP address (3rdparty_web_ftp_site) was disclosed upon connecting to the service. Attackers can use internal IP addresses in conjunction with other
attacks in attempts to gain unauthorised access.
The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover usernames and passwords by sniffing
traffic to the POP3 daemon if a less secure authentication mechanism (eg, USER command, AUTH PLAIN, AUTH LOGIN) is used.
4.2.1. REMEDIATION
Disable the use of FTP and use SSH instead. Enforce the use of SSL on the POP3 protocol.
4.3. SSL SELF-SIGNED CERTIFICATE
CVSS Score: 6.4 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N Impact/Probability: Medium/Medium
Affected: IP Add, IP Add2, IP Add3
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL
as anyone could establish a man-in-the-middle attack against the remote host.
Note that Sec-1 does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
4.3.1. REMEDIATION
Purchase or generate a proper certificate for this service.
4.3.2. TECHNICAL ANALYSIS
Example: IP Add3 [port: 443]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : CN=IP Add3
Example: IP Add [port: 443]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 25]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 110]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 8443]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add2 [port: 8443]
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : CN=IP Add2
4.4. SSL CERTIFICATE CANNOT BE TRUSTED
CVSS Score: 6.4 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N Impact/Probability: Medium/Medium
Affected: IP Add, IP Add2, IP Add3
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in
a break in the chain below which certificates cannot be trusted.
First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain
is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate
authority.
Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's
'notBefore' dates, or after one of the certificate's 'notAfter' dates.
Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting
the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm
that Sec-1 either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This
could make it easier to carry out man-in-the-middle attacks against the remote host.
4.4.1. REMEDIATION
Purchase or generate a proper certificate for this service.
4.4.2. TECHNICAL ANALYSIS
Example: IP Add [port: 8443]
The following certificate was part of the certificate chain
sent by the remote host, but has expired :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Not After : Jul 05 16:08:23 2013 GMT
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Issuer : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 110]
The following certificate was part of the certificate chain
sent by the remote host, but has expired :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Not After : Jul 05 16:08:01 2013 GMT
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Issuer : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 25]
The following certificate was part of the certificate chain
sent by the remote host, but has expired :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Not After : Jul 05 16:08:01 2013 GMT
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Issuer : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add [port: 443]
The following certificate was part of the certificate chain
sent by the remote host, but has expired :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Not After : Jul 05 16:08:01 2013 GMT
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
|-Issuer : C=US/ST=Virginia/L=Herndon/O=Certificate_domain/OU=Certificate_domain Panel/CN=Certificate_domain Panel/E=email@domain.com
Example: IP Add3 [port: 443]
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : CN=IP Add3
|-Issuer : CN=IP Add3
Example: IP Add2 [port: 8443]
The following certificate was at the top of the certificate
chain sent by the remote host, but is signed by an unknown
certificate authority :
|-Subject : CN=IP Add2
|-Issuer : CN=IP Add2
4.5. SSL VERSION 2 AND 3 PROTOCOL DETECTION
CVSS Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
Affected: IP Add, IP Add2, IP Add3
The remote service accepts connections encrypted using SSL 2.0 or 3.0, which reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these
issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
NIST has determined SSL v3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet
the PCI SSC’s definition of ‘strong cryptography’.
4.5.1. REMEDIATION
Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.0 or higher instead.
4.5.2. TECHNICAL ANALYSIS
Example: IP Add3 [port: 443]
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add [port: 8443]
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add [port: 25]
- SSLv2 is enabled, and the server supports at least one cipher.
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add [port: 443]
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add2 [port: 8443]
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add2 [port: 443]
- SSLv2 is enabled, and the server supports at least one cipher.
- SSLv3 is enabled, and the server supports at least one cipher.
Example: IP Add2 [port: 25]
- SSLv3 is enabled, and the server supports at least one cipher.
4.6. INTERNET KEY EXCHANGE (IKE) AGGRESSIVE MODE WITH PRE-SHARED KEY
CVSS Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
CVE: CVE-2002-1623
Affected: IP Add2, IP Add3, IP Add4
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow
an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.
4.6.1. REMEDIATION
Disable Aggressive Mode if supported.
Do not use Pre-Shared key for authentication if it's possible.
If using Pre-Shared key cannot be avoided, use very strong keys.
If possible, do not allow VPN connections from any IP addresses.
Note that Sec-1 does not run over IPv6.
4.7. SSL CERTIFICATE WITH WRONG HOSTNAME
CVSS Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N Impact/Probability: Medium/Medium
Affected: IP Add, IP Add2
The commonName (CN) of the SSL certificate presented on this service is for a different machine.
4.7.1. REMEDIATION
Purchase or generate a proper certificate for this service.
4.7.2. TECHNICAL ANALYSIS
Example: IP Add2 [port: 25]
The identities known by Sec-1 are :
autodiscover.external_work_domain.co.uk
email.domain.com
wan_ip_isp-domain-name.net
The Common Name in the certificate is :
server
The Subject Alternate Names in the certificate are :
server
server.internal_domain.local
Example: IP Add [port: 21]
The identities known by Sec-1 are :
pop.3rdparty_web_hosting_co.co.uk
pop3.3rdparty_web_hosting_co.co.uk
smtp.3rdparty_web_hosting_co.co.uk
webmail.3rdparty_web_hosting_co.co.uk
mail.3rdparty_web_hosting_co.co.uk
The Common Name in the certificate is :
Certificate_domain Panel
Example: IP Add [port: 25]
The identities known by Sec-1 are :
pop.3rdparty_web_hosting_co.co.uk
pop3.3rdparty_web_hosting_co.co.uk
smtp.3rdparty_web_hosting_co.co.uk
webmail.3rdparty_web_hosting_co.co.uk
mail.3rdparty_web_hosting_co.co.uk
The Common Name in the certificate is :
Certificate_domain Panel
Example: IP Add [port: 443]
The identities known by Sec-1 are :
pop.3rdparty_web_hosting_co.co.uk
pop3.3rdparty_web_hosting_co.co.uk
smtp.3rdparty_web_hosting_co.co.uk
webmail.3rdparty_web_hosting_co.co.uk
mail.3rdparty_web_hosting_co.co.uk
The Common Name in the certificate is :
Certificate_domain Panel
Example: IP Add [port: 110]
The identities known by Sec-1 are :
pop.3rdparty_web_hosting_co.co.uk
pop3.3rdparty_web_hosting_co.co.uk
smtp.3rdparty_web_hosting_co.co.uk
webmail.3rdparty_web_hosting_co.co.uk
mail.3rdparty_web_hosting_co.co.uk
The Common Name in the certificate is :
Certificate_domain Panel
Example: IP Add [port: 8443]
The identities known by Sec-1 are :
pop.3rdparty_web_hosting_co.co.uk
pop3.3rdparty_web_hosting_co.co.uk
smtp.3rdparty_web_hosting_co.co.uk
webmail.3rdparty_web_hosting_co.co.uk
mail.3rdparty_web_hosting_co.co.uk
The Common Name in the certificate is :
Certificate_domain Panel
4.8. MICROSOFT EXCHANGE CLIENT ACCESS SERVER INFORMATION DISCLOSURE
CVSS Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
Affected: IP Add2
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability
to learn the server's internal IP address.
4.8.1. REMEDIATION
There is no known fix at this time.
4.8.2. TECHNICAL ANALYSIS
Example: IP Add2 [port: 443]
Sec-1 was able to verify the issue with the following request :
GET /autodiscover/autodiscover.xml HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Which returned the following IP address :
172.19.10.21
4.9. SSL CERTIFICATE EXPIRY
CVSS Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N Impact/Probability: Medium/Medium
Affected: IP Add
Sec-1 checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
4.9.1. REMEDIATION
Purchase or generate a new SSL certificate to replace the existing one.
4.9.2. TECHNICAL ANALYSIS
Example: IP Add [port: 8443]
The SSL certificate has already expired :
Subject : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Issuer : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Not valid before : Jul 5 16:08:23 2012 GMT
Not valid after : Jul 5 16:08:23 2013 GMT
Example: IP Add [port: 110]
The SSL certificate has already expired :
Subject : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Issuer : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Not valid before : Jul 5 16:08:01 2012 GMT
Not valid after : Jul 5 16:08:01 2013 GMT
Example: IP Add [port: 25]
The SSL certificate has already expired :
Subject : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Issuer : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Not valid before : Jul 5 16:08:01 2012 GMT
Not valid after : Jul 5 16:08:01 2013 GMT
Example: IP Add [port: 443]
The SSL certificate has already expired :
Subject : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Issuer : C=US, ST=Virginia, L=Herndon, O=Certificate_domain, OU=Certificate_domain Panel, CN=Certificate_domain Panel, emailAddress=email@domain.com
Not valid before : Jul 5 16:08:01 2012 GMT
Not valid after : Jul 5 16:08:01 2013 GMT
4.10. TLS PADDING ORACLE INFORMATION DISCLOSURE VULNERABILITY (TLS POODLE)
CVSS Score: 4.3 CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
CVE: CVE-2014-8730
Affected: IP Add2, IP Add3
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the TLS server not verifying
block cipher padding when using a cipher suite that employs a block cipher such as AES and DES. The lack of padding checking can allow encrypted TLS traffic to be
decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party.
4.10.1. REMEDIATION
Contact the vendor for an update.
4.11. SSLV3 PADDING ORACLE ON DOWNGRADED LEGACY ENCRYPTION VULNERABILITY (POODLE)
CVSS Score: 4.3 CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
CVE: CVE-2014-3566
Affected: IP Add, IP Add2, IP Add3
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text
in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.
The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and
service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.
This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.
4.11.1. REMEDIATION
Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.
4.11.2. TECHNICAL ANALYSIS
Example: IP Add [port: 8443]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add [port: 25]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add [port: 443]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add3 [port: 443]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add2 [port: 8443]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add2 [port: 443]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
Example: IP Add2 [port: 25]
Sec-1 determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.
It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.
4.12. SSL WEAK AND MEDIUM STRENGTH CIPHER SUITES SUPPORTED
CVSS Score: 4.3 CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N Impact/Probability: Medium/Medium
Affected: IP Add
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than
112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
4.12.1. REMEDIATION
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
4.12.2. TECHNICAL ANALYSIS
Example: IP Add [port: 25]
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=MD5
TLSv1
EDH-
 Au=RSA Enc=DES-CBC(56) Mac=SHA1
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-
 Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-ADH
(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add [port: 443]
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
EDH-RSA-
 key)
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
4.13. SSH PROTOCOL VERSION 1 SESSION KEY RETRIEVAL
CVSS Score: 4.0 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N Impact/Probability: Medium/Medium
CVE: CVE-2001-0361
Affected: IP Add3
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe so they should not be used.
4.13.1. REMEDIATION
Disable compatibility with version 1 of the protocol.
4.14. SSH WEAK MAC ALGORITHMS ENABLED
CVSS Score: 2.6 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Impact/Probability: Low/Low
Affected: IP Add, IP Add2
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.
Note that Sec-1 only checks for the options of the SSH server and does not check for vulnerable software versions.
4.14.1. REMEDIATION
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
4.14.2. TECHNICAL ANALYSIS
Example: IP Add2 [port: 22]
The following client-to-server Message Authentication Code (MAC) algorithms
are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms
are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
Example: IP Add [port: 2020]
The following client-to-server Message Authentication Code (MAC) algorithms
are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms
are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
4.15. SMTP SERVICE CLEARTEXT LOGIN PERMITTED
CVSS Score: 2.6 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Impact/Probability: Low/Low
Affected: IP Add
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
4.15.1. REMEDIATION
Configure the service to support less secure authentication mechanisms only over an encrypted channel.
4.15.2. TECHNICAL ANALYSIS
Example: IP Add [port: 25]
The SMTP server advertises the following SASL methods over an
unencrypted channel :
All supported methods : PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5
Cleartext methods : PLAIN, LOGIN
4.16. SSH SERVER CBC MODE CIPHERS ENABLED
CVSS Score: 2.6 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Impact/Probability: Low/Low
CVE: CVE-2008-5161
Affected: IP Add, IP Add2
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
Note that Sec-1 only checks for the options of the SSH server and does not check for vulnerable software versions.
4.16.1. REMEDIATION
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
4.16.2. TECHNICAL ANALYSIS
Example: IP Add [port: 2020]
The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
Example: IP Add2 [port: 22]
The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
4.17. SSL RC4 CIPHER SUITES SUPPORTED
CVSS Score: 2.6 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Impact/Probability: Low/Low
CVE: CVE-2013-2566
Affected: IP Add, IP Add2, IP Add3
The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g. HTTP cookies), and an attacker is able to obtain many (i.e. tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
4.17.1. REMEDIATION
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
4.17.2. TECHNICAL ANALYSIS
Example: IP Add [port: 443]
Here is the list of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
TLSv1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add3 [port: 443]
Here is the list of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
TLSv1
Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add2 [port: 8443]
Here is the list of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
TLSv1
RC4- RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add [port: 25]
Here is the list of RC4 cipher suites supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC4- 512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-ADH-
) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
SSLv2
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
TLSv1
ADH-RC4-
 Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add2 [port: 25]
Here is the list of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
TLSv1
 Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Example: IP Add2 [port: 443]
Here is the list of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
SSLv2
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
4.18. SSL ANONYMOUS CIPHER SUITES SUPPORTED
CVSS Score: 2.6 CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N Impact/Probability: Low/Low
CVE: CVE-2007-1858
Affected: IP Add
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
4.18.1. REMEDIATION
Reconfigure the affected application if possible to avoid use of weak ciphers.
4.18.2. TECHNICAL ANALYSIS
Example: IP Add [port: 25]
Here is the list of SSL anonymous ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES-CBC(40) Mac=SHA1 export
EXP-ADH- =DH(512) Au=None Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES-CBC(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
TLSv1
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES-CBC(168) Mac=SHA1
ADH- Au=None Enc=AES-CBC(128) Mac=SHA1
ADH-AES256 =DH Au=None Enc=AES-CBC(256) Mac=SHA1
ADH- SHA Kx=DH Au=None Enc=Camellia-CBC(128) Mac=SHA1
ADH-CAMELLIA256-SHA Kx=DH Au=None Enc=Camellia-CBC(256) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
ADH-
=DH Au=None Enc=AES-CBC(128) Mac=SHA256
DH-AES256-SHA256 Kx=DH Au=None Enc=AES-CBC(256) Mac=SHA256
TLSv12
DH-AES128-SHA256 Kx=DH Au=None Enc=AES-GCM(128) Mac=SHA256
DH-AES256-SHA384 Kx=DH Au=None Enc=AES-GCM(256) Mac=SHA384
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
4.19. SSL CERTIFICATE CHAIN CONTAINS RSA KEYS LESS THAN 2048 BITS
CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Impact/Probability: Low/Low
Affected: IP Add2, IP Add3
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
4.19.1. REMEDIATION
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.
4.19.2. TECHNICAL ANALYSIS
Example: IP Add3 [port: 443]
The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :
|-Subject : CN=IP Add3
|-RSA Key Length : 1024 bits
Example: IP Add2 [port: 8443]
The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :
|-Subject : CN=IP Add2
|-RSA Key Length : 1024 bits
4.20. REMOTE ACCESS SOFTWARE DETECTED: SSH SERVER
CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Impact/Probability: Info/Info
Affected: IP Add2, IP Add3, IP Add4
The following remote access software was discovered on the host:
SSH Server
5. EXTENDED INFORMATION
5.1. PORT SCAN
Please review the following open ports. You should ensure there are no unnecessary ports or services open.
Host Port Service
IP Add 21 ftp/tcp
.. 25 smtp/tcp
.. 80 http/tcp
.. 110 pop3/tcp
.. 443 https/tcp
.. 2020 xinupageserver/tcp
.. 8443 https-alt/tcp
IP Add2 22 ssh/tcp
.. 25 smtp/tcp
.. 80 http/tcp
.. 389 ldap/tcp
.. 443 https/tcp
.. 500 ikev1 (udp)
.. 8443 https-alt/tcp
IP Add3 22 ssh/tcp
.. 443 https/tcp
.. 500 ikev1 (udp)
IP Add4 22 ssh/tcp
.. 80 http/tcp
.. 443 https/tcp
.. 500 ikev1 (udp)
.. 8443 https-alt/tcp
 

The firewalls and website are looked after externally and I have sent on the report for them to resolve; however, the firewall co. are saying I should be telling them what to fix.

So, can someone give feedback on if the report is highlighting genuine issues that CAN be resolved, and how?

Thanks
SOLUTION
Sean Jackson
CHI-LTD

ASKER

Thanks.  This was an automated and manual test.

I have, and they want to charge to do this.
Go with google then. Like I said, there's a lot of work here.

In the future, I would recommend using Alliance Information Security. Not only do they do a MUCH better job, I'd wager they can beat any price you've worked with.
CHI-LTD

ASKER

What's their www?
allianceinfosec.com
CHI-LTD

ASKER

American?
Yes. Is that a problem?
CHI-LTD

ASKER

Guess not.
ASKER CERTIFIED SOLUTION
madunix