Difference between revisions of the page «ASIX/M17/UF2/PT1»
(Page created with «<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UT...».) |
|||
Line 1: | Line 1: | ||
− | + | I Summary | |
− | + | ========= | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | This document reports on the results of an automatic security scan. | |
− | + | The report first summarises the results found. | |
− | + | Then, for each host, the report describes every issue found. | |
− | + | Please consider the advice given in each description, in order to rectify | |
− | + | the issue. | |
− | |||
− | + | All dates are displayed using the timezone "Coordinated Universal Time", | |
− | + | which is abbreviated "UTC". | |
− | |||
− | . | + | Vendor security updates are not trusted. |
− | |||
− | |||
− | |||
− | . | + | Overrides are on. When a result has an override, this report uses the |
− | + | threat of the override. | |
− | |||
− | . | + | Notes are included in the report.Information on overrides is included in the report. |
− | |||
− | |||
− | . | + | This report might not show details of all issues that were found. |
− | + | It only lists hosts that produced issues. | |
− | + | Issues with the threat level "Log" are not shown. | |
+ | Issues with the threat level "Debug" are not shown. | ||
+ | Issues with the threat level "False Positive" are not shown. | ||
+ | Only results with a minimum QoD of 70 are shown. | ||
− | + | This report contains all 5 results selected by the | |
− | + | filtering described above. Before filtering there were 155 results. | |
− | |||
− | + | Scan started: Fri Mar 1 14:54:15 2019 UTC | |
− | + | Scan ended: Fri Mar 1 15:41:58 2019 UTC | |
− | + | Task: Nose OVA | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Host Summary | |
− | + | ************ | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | . | + | Host High Medium Low Log False Positive |
− | + | 10.17.3.6 0 3 2 0 0 | |
− | + | Total: 1 0 3 2 0 0 | |
− | |||
− | |||
− | |||
− | + | II Results per Host | |
− | + | =================== | |
− | |||
− | . | + | Host 10.17.3.6 |
− | + | ************** | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC | |
− | + | Number of results: 5 | |
− | |||
− | |||
− | . | + | Port Summary for Host 10.17.3.6 |
− | + | ------------------------------- | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Service (Port) Threat Level | |
− | + | 22/tcp Medium | |
− | + | general/tcp Low | |
+ | 80/tcp Medium | ||
− | + | Security Issues for Host 10.17.3.6 | |
− | + | ---------------------------------- | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Issue | |
− | + | ----- | |
− | + | NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled | |
− | + | OID: 1.3.6.1.4.1.25623.1.0.11213 | |
− | + | Threat: Medium (CVSS: 5.8) | |
− | + | Port: 80/tcp | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | Summary: | ||
+ | Debugging functions are enabled on the remote web server. | ||
+ | The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK | ||
+ | are HTTP methods which are used to debug web server connections. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The web server has the following HTTP methods enabled: TRACE | ||
+ | |||
+ | Impact: | ||
+ | An attacker may use this flaw to trick your legitimate web users to give | ||
+ | him their credentials. | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | Disable the TRACE and TRACK methods in your web server configuration. | ||
+ | Please see the manual of your web server or the references for more informatio! | ||
+ | n. | ||
+ | |||
+ | Affected Software/OS: | ||
+ | Web servers with enabled TRACE and/or TRACK methods. | ||
+ | |||
+ | Vulnerability Insight: | ||
+ | It has been shown that web servers supporting this methods are | ||
+ | subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, wh! | ||
+ | en used in | ||
+ | conjunction with various weaknesses in browsers. | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Details: | ||
+ | HTTP Debugging Methods (TRACE/TRACK) Enabled | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.11213) | ||
+ | Version used: $Revision: 10828 $ | ||
+ | |||
+ | References: | ||
+ | CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883 | ||
+ | BID: 9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995 | ||
+ | CERT: CB-K14/0981 | ||
+ | , DFN-CERT-2014-1018 | ||
+ | , DFN-CERT-2010-0020 | ||
+ | |||
+ | Other: | ||
+ | http://www.kb.cert.org/vuls/id/288308 | ||
+ | http://www.kb.cert.org/vuls/id/867593 | ||
+ | http://httpd.apache.org/docs/current/de/mod/core.html#traceenable | ||
+ | https://www.owasp.org/index.php/Cross_Site_Tracing | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: Linux Home Folder Accessible | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.111108 | ||
+ | Threat: Medium (CVSS: 5.0) | ||
+ | Port: 80/tcp | ||
+ | |||
+ | Summary: | ||
+ | The script attempts to identify files of a linux home folder accessible | ||
+ | at the webserver. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following files were identified: | ||
+ | http://10.17.3.6/.bash_history | ||
+ | |||
+ | Impact: | ||
+ | Based on the information provided in this files an attacker might | ||
+ | be able to gather additional info. | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | A users home folder shouldn't be accessible via a webserver. Restrict access to ! | ||
+ | it or remove it completely. | ||
+ | |||
+ | Vulnerability Insight: | ||
+ | Currently the script is checking for the following files: | ||
+ | - /.ssh/authorized_keys | ||
+ | - /.ssh/known_hosts | ||
+ | - /.ssh/identity | ||
+ | - /.ssh/id_rsa | ||
+ | - /.ssh/id_rsa.pub | ||
+ | - /.ssh/id_dsa | ||
+ | - /.ssh/id_dsa.pub | ||
+ | - /.ssh/id_dss | ||
+ | - /.ssh/id_dss.pub | ||
+ | - /.ssh/id_ecdsa | ||
+ | - /.ssh/id_ecdsa.pub | ||
+ | - /.ssh/id_ed25519 | ||
+ | - /.ssh/id_ed25519.pub | ||
+ | - /.mysql_history | ||
+ | - /.sqlite_history | ||
+ | - /.psql_history | ||
+ | - /.sh_history | ||
+ | - /.bash_history | ||
+ | - /.profile | ||
+ | - /.bashrc | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Check the response if files from a home folder are accessible. | ||
+ | Details: | ||
+ | Linux Home Folder Accessible | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.111108) | ||
+ | Version used: $Revision: 10157 $ | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: SSH Weak Encryption Algorithms Supported | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.105611 | ||
+ | Threat: Medium (CVSS: 4.3) | ||
+ | Port: 22/tcp | ||
+ | |||
+ | Summary: | ||
+ | The remote SSH server is configured to allow weak encryption algorithms. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following weak client-to-server encryption algorithms are supported by the r! | ||
+ | emote service: | ||
3des-cbc | 3des-cbc | ||
aes128-cbc | aes128-cbc | ||
Line 384: | Line 192: | ||
cast128-cbc | cast128-cbc | ||
rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | ||
− | + | The following weak server-to-client encryption algorithms are supported by the r! | |
− | + | emote service: | |
− | The following weak server-to-client encryption algorithms are supported by the | ||
− | |||
3des-cbc | 3des-cbc | ||
aes128-cbc | aes128-cbc | ||
Line 397: | Line 203: | ||
blowfish-cbc | blowfish-cbc | ||
cast128-cbc | cast128-cbc | ||
− | rijndael-cbc@lysator.liu.se | + | rijndael-cbc@lysator.liu.se |
− | + | ||
− | + | Solution: | |
− | + | Solution type: Mitigation | |
− | + | Disable the weak encryption algorithms. | |
− | + | ||
− | + | Vulnerability Insight: | |
− | + | The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys. | |
− | The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems | + | The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]! |
− | with weak keys, and should not be used anymore. | + | . Arcfour (and RC4) has problems |
− | + | with weak keys, and should not be used anymore. | |
+ | The `none` algorithm specifies that no encryption is to be done. | ||
Note that this method provides no confidentiality protection, and it | Note that this method provides no confidentiality protection, and it | ||
− | is NOT RECOMMENDED to use it. | + | is NOT RECOMMENDED to use it. |
− | + | A vulnerability exists in SSH messages that employ CBC mode that may allow an ! | |
− | + | attacker to recover plaintext from a block of ciphertext. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | Vulnerability Detection Method: | ||
+ | Check if remote ssh service supports Arcfour, none or CBC ciphers. | ||
+ | Details: | ||
+ | SSH Weak Encryption Algorithms Supported | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.105611) | ||
+ | Version used: $Revision: 13581 $ | ||
+ | |||
+ | References: | ||
+ | Other: | ||
+ | https://tools.ietf.org/html/rfc4253#section-6.3 | ||
+ | https://www.kb.cert.org/vuls/id/958563 | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: SSH Weak MAC Algorithms Supported | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.105610 | ||
+ | Threat: Low (CVSS: 2.6) | ||
+ | Port: 22/tcp | ||
+ | |||
+ | Summary: | ||
+ | The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith! | ||
+ | ms. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following weak client-to-server MAC algorithms are supported by the remote s! | ||
+ | ervice: | ||
+ | hmac-md5 | ||
+ | hmac-md5-96 | ||
+ | hmac-sha1-96 | ||
+ | The following weak server-to-client MAC algorithms are supported by the remote s! | ||
+ | ervice: | ||
hmac-md5 | hmac-md5 | ||
hmac-md5-96 | hmac-md5-96 | ||
hmac-sha1-96 | hmac-sha1-96 | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | Disable the weak MAC algorithms. | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Details: | ||
+ | SSH Weak MAC Algorithms Supported | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.105610) | ||
+ | Version used: $Revision: 13581 $ | ||
− | + | Issue | |
+ | ----- | ||
+ | NVT: TCP timestamps | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.80091 | ||
+ | Threat: Low (CVSS: 2.6) | ||
+ | Port: general/tcp | ||
− | + | Summary: | |
− | + | The remote host implements TCP timestamps and therefore allows to compute | |
− | + | the uptime. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | the uptime | ||
− | |||
− | |||
− | |||
+ | Vulnerability Detection Result: | ||
+ | It was detected that the host implements RFC1323. | ||
The following timestamps were retrieved with a delay of 1 seconds in-between: | The following timestamps were retrieved with a delay of 1 seconds in-between: | ||
Packet 1: 3183497 | Packet 1: 3183497 | ||
− | Packet 2: 3185039 | + | Packet 2: 3185039 |
− | + | ||
− | + | Impact: | |
− | + | A side effect of this feature is that the uptime of the remote | |
− | host can sometimes be computed. | + | host can sometimes be computed. |
− | + | ||
− | + | Solution: | |
− | + | Solution type: Mitigation | |
− | + | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to | |
− | /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. | + | /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. |
− | + | To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta! | |
− | + | mps=disabled' | |
− | + | Starting with Windows Server 2008 and Vista, the timestamp can not be complete! | |
− | Timestamp options when initiating TCP connections, but use them if the TCP | + | ly disabled. |
− | that is initiating communication includes them in their synchronize (SYN) | + | The default behavior of the TCP/IP stack on this Systems is to not use the |
− | + | Timestamp options when initiating TCP connections, but use them if the TCP pee! | |
− | + | r | |
− | + | that is initiating communication includes them in their synchronize (SYN) segm! | |
− | + | ent. | |
− | + | See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152 | |
− | + | ||
− | + | Affected Software/OS: | |
− | + | TCP/IPv4 implementations that implement RFC1323. | |
− | + | ||
− | + | Vulnerability Insight: | |
− | target IP. The responses are searched for a timestamps. If found, the | + | The remote host implements TCP timestamps, as defined by RFC1323. |
− | + | ||
− | + | Vulnerability Detection Method: | |
− | + | Special IP packets are forged and sent with a little delay in between to the | |
− | + | target IP. The responses are searched for a timestamps. If found, the timestam! | |
− | + | ps are reported. | |
− | + | Details: | |
− | + | TCP timestamps | |
− | + | (OID: 1.3.6.1.4.1.25623.1.0.80091) | |
− | + | Version used: $Revision: 10411 $ | |
− | + | ||
− | + | References: | |
− | + | Other: | |
− | + | http://www.ietf.org/rfc/rfc1323.txt | |
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 15:51, 1 March 2019
I Summary
=========
This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.
All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report. Information on overrides is included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown.
This report contains all 5 results selected by the filtering described above. Before filtering there were 155 results.
Scan started: Fri Mar 1 14:54:15 2019 UTC
Scan ended: Fri Mar 1 15:41:58 2019 UTC
Task: Nose OVA
Host Summary
Host        High  Medium  Low  Log  False Positive
10.17.3.6   0     3       2    0    0
Total: 1    0     3       2    0    0
II Results per Host
===================
Host 10.17.3.6
Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC
Number of results: 5
Port Summary for Host 10.17.3.6
Service (Port)  Threat Level
22/tcp          Medium
general/tcp     Low
80/tcp          Medium
Security Issues for Host 10.17.3.6
Issue
NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled
OID: 1.3.6.1.4.1.25623.1.0.11213
Threat: Medium (CVSS: 5.8)
Port: 80/tcp
Summary:
Debugging functions are enabled on the remote web server.
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
Vulnerability Detection Result:
The web server has the following HTTP methods enabled: TRACE
Impact:
An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution:
Solution type: Mitigation
Disable the TRACE and TRACK methods in your web server configuration.
Please see the manual of your web server or the references for more information.
Affected Software/OS:
Web servers with enabled TRACE and/or TRACK methods.
Vulnerability Insight:
It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.
Vulnerability Detection Method:
Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213)
Version used: $Revision: 10828 $
References:
CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883
BID: 9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995
CERT: CB-K14/0981, DFN-CERT-2014-1018, DFN-CERT-2010-0020
Other:
http://www.kb.cert.org/vuls/id/288308
http://www.kb.cert.org/vuls/id/867593
http://httpd.apache.org/docs/current/de/mod/core.html#traceenable
https://www.owasp.org/index.php/Cross_Site_Tracing
Issue
NVT: Linux Home Folder Accessible
OID: 1.3.6.1.4.1.25623.1.0.111108
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Summary:
The script attempts to identify files of a linux home folder accessible at the webserver.
Vulnerability Detection Result:
The following files were identified:
http://10.17.3.6/.bash_history
Impact:
Based on the information provided in this files an attacker might be able to gather additional info.
Solution:
Solution type: Mitigation
A users home folder shouldn't be accessible via a webserver. Restrict access to it or remove it completely.
Vulnerability Insight:
Currently the script is checking for the following files:
- /.ssh/authorized_keys
- /.ssh/known_hosts
- /.ssh/identity
- /.ssh/id_rsa
- /.ssh/id_rsa.pub
- /.ssh/id_dsa
- /.ssh/id_dsa.pub
- /.ssh/id_dss
- /.ssh/id_dss.pub
- /.ssh/id_ecdsa
- /.ssh/id_ecdsa.pub
- /.ssh/id_ed25519
- /.ssh/id_ed25519.pub
- /.mysql_history
- /.sqlite_history
- /.psql_history
- /.sh_history
- /.bash_history
- /.profile
- /.bashrc
Vulnerability Detection Method:
Check the response if files from a home folder are accessible.
Details: Linux Home Folder Accessible (OID: 1.3.6.1.4.1.25623.1.0.111108)
Version used: $Revision: 10157 $
Issue
NVT: SSH Weak Encryption Algorithms Supported
OID: 1.3.6.1.4.1.25623.1.0.105611
Threat: Medium (CVSS: 4.3)
Port: 22/tcp
Summary:
The remote SSH server is configured to allow weak encryption algorithms.
Vulnerability Detection Result:
The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
Solution:
Solution type: Mitigation
Disable the weak encryption algorithms.
Vulnerability Insight:
The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and should not be used anymore.
The `none` algorithm specifies that no encryption is to be done. Note that this method provides no confidentiality protection, and it is NOT RECOMMENDED to use it.
A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.
Vulnerability Detection Method:
Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details: SSH Weak Encryption Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105611)
Version used: $Revision: 13581 $
References:
Other:
https://tools.ietf.org/html/rfc4253#section-6.3
https://www.kb.cert.org/vuls/id/958563
Issue
NVT: SSH Weak MAC Algorithms Supported
OID: 1.3.6.1.4.1.25623.1.0.105610
Threat: Low (CVSS: 2.6)
Port: 22/tcp
Summary:
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.
Vulnerability Detection Result:
The following weak client-to-server MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96
The following weak server-to-client MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96
Solution:
Solution type: Mitigation
Disable the weak MAC algorithms.
Vulnerability Detection Method:
Details: SSH Weak MAC Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105610)
Version used: $Revision: 13581 $
Issue
NVT: TCP timestamps
OID: 1.3.6.1.4.1.25623.1.0.80091
Threat: Low (CVSS: 2.6)
Port: general/tcp
Summary:
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Vulnerability Detection Result:
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3183497
Packet 2: 3185039
Impact:
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution:
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Affected Software/OS:
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight:
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method:
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 10411 $
References:
Other:
http://www.ietf.org/rfc/rfc1323.txt