Diferència entre revisions de la pàgina «ASIX/M17/UF2/PT1»
Salta a la navegació
Salta a la cerca
(Es crea la pàgina amb «<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UT...».) |
m (Guillem ha mogut M17/UF2/PT1 a ASIX/M17/UF2/PT1 sense deixar una redirecció: Crear subnivell ASIX) |
||
(Hi ha 4 revisions intermèdies del mateix usuari que no es mostren) | |||
Línia 1: | Línia 1: | ||
− | < | + | <source> |
− | + | I Summary | |
− | + | ========= | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | This document reports on the results of an automatic security scan. | |
− | + | The report first summarises the results found. | |
− | + | Then, for each host, the report describes every issue found. | |
− | + | Please consider the advice given in each description, in order to rectify | |
− | + | the issue. | |
− | |||
− | + | All dates are displayed using the timezone "Coordinated Universal Time", | |
− | + | which is abbreviated "UTC". | |
− | |||
− | . | + | Vendor security updates are not trusted. |
− | |||
− | |||
− | |||
− | . | + | Overrides are on. When a result has an override, this report uses the |
− | + | threat of the override. | |
− | |||
− | . | + | Notes are included in the report.Information on overrides is included in the report. |
− | |||
− | |||
− | . | + | This report might not show details of all issues that were found. |
− | + | It only lists hosts that produced issues. | |
− | + | Issues with the threat level "Log" are not shown. | |
+ | Issues with the threat level "Debug" are not shown. | ||
+ | Issues with the threat level "False Positive" are not shown. | ||
+ | Only results with a minimum QoD of 70 are shown. | ||
− | + | This report contains all 5 results selected by the | |
− | + | filtering described above. Before filtering there were 155 results. | |
− | |||
− | + | Scan started: Fri Mar 1 14:54:15 2019 UTC | |
− | + | Scan ended: Fri Mar 1 15:41:58 2019 UTC | |
− | + | Task: Nose OVA | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Host Summary | |
− | + | ************ | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | . | + | Host High Medium Low Log False Positive |
− | + | 10.17.3.6 0 3 2 0 0 | |
− | + | Total: 1 0 3 2 0 0 | |
− | |||
− | |||
− | |||
− | + | II Results per Host | |
− | + | =================== | |
− | |||
− | . | + | Host 10.17.3.6 |
− | + | ************** | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC | |
− | + | Number of results: 5 | |
− | |||
− | |||
− | . | + | Port Summary for Host 10.17.3.6 |
− | + | ------------------------------- | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Service (Port) Threat Level | |
− | + | 22/tcp Medium | |
− | + | general/tcp Low | |
+ | 80/tcp Medium | ||
− | + | Security Issues for Host 10.17.3.6 | |
− | + | ---------------------------------- | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Issue | |
− | + | ----- | |
− | + | NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled | |
− | + | OID: 1.3.6.1.4.1.25623.1.0.11213 | |
− | + | Threat: Medium (CVSS: 5.8) | |
− | + | Port: 80/tcp | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | Summary: | ||
+ | Debugging functions are enabled on the remote web server. | ||
+ | The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK | ||
+ | are HTTP methods which are used to debug web server connections. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The web server has the following HTTP methods enabled: TRACE | ||
+ | |||
+ | Impact: | ||
+ | An attacker may use this flaw to trick your legitimate web users to give | ||
+ | him their credentials. | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | Disable the TRACE and TRACK methods in your web server configuration. | ||
+ | Please see the manual of your web server or the references for more informatio! | ||
+ | n. | ||
+ | |||
+ | Affected Software/OS: | ||
+ | Web servers with enabled TRACE and/or TRACK methods. | ||
+ | |||
+ | Vulnerability Insight: | ||
+ | It has been shown that web servers supporting this methods are | ||
+ | subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, wh! | ||
+ | en used in | ||
+ | conjunction with various weaknesses in browsers. | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Details: | ||
+ | HTTP Debugging Methods (TRACE/TRACK) Enabled | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.11213) | ||
+ | Version used: $Revision: 10828 $ | ||
+ | |||
+ | References: | ||
+ | CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883 | ||
+ | BID: 9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995 | ||
+ | CERT: CB-K14/0981 | ||
+ | , DFN-CERT-2014-1018 | ||
+ | , DFN-CERT-2010-0020 | ||
+ | |||
+ | Other: | ||
+ | http://www.kb.cert.org/vuls/id/288308 | ||
+ | http://www.kb.cert.org/vuls/id/867593 | ||
+ | http://httpd.apache.org/docs/current/de/mod/core.html#traceenable | ||
+ | https://www.owasp.org/index.php/Cross_Site_Tracing | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: Linux Home Folder Accessible | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.111108 | ||
+ | Threat: Medium (CVSS: 5.0) | ||
+ | Port: 80/tcp | ||
+ | |||
+ | Summary: | ||
+ | The script attempts to identify files of a linux home folder accessible | ||
+ | at the webserver. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following files were identified: | ||
+ | http://10.17.3.6/.bash_history | ||
+ | |||
+ | Impact: | ||
+ | Based on the information provided in this files an attacker might | ||
+ | be able to gather additional info. | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | A users home folder shouldn't be accessible via a webserver. Restrict access to ! | ||
+ | it or remove it completely. | ||
+ | |||
+ | Vulnerability Insight: | ||
+ | Currently the script is checking for the following files: | ||
+ | - /.ssh/authorized_keys | ||
+ | - /.ssh/known_hosts | ||
+ | - /.ssh/identity | ||
+ | - /.ssh/id_rsa | ||
+ | - /.ssh/id_rsa.pub | ||
+ | - /.ssh/id_dsa | ||
+ | - /.ssh/id_dsa.pub | ||
+ | - /.ssh/id_dss | ||
+ | - /.ssh/id_dss.pub | ||
+ | - /.ssh/id_ecdsa | ||
+ | - /.ssh/id_ecdsa.pub | ||
+ | - /.ssh/id_ed25519 | ||
+ | - /.ssh/id_ed25519.pub | ||
+ | - /.mysql_history | ||
+ | - /.sqlite_history | ||
+ | - /.psql_history | ||
+ | - /.sh_history | ||
+ | - /.bash_history | ||
+ | - /.profile | ||
+ | - /.bashrc | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Check the response if files from a home folder are accessible. | ||
+ | Details: | ||
+ | Linux Home Folder Accessible | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.111108) | ||
+ | Version used: $Revision: 10157 $ | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: SSH Weak Encryption Algorithms Supported | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.105611 | ||
+ | Threat: Medium (CVSS: 4.3) | ||
+ | Port: 22/tcp | ||
+ | |||
+ | Summary: | ||
+ | The remote SSH server is configured to allow weak encryption algorithms. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following weak client-to-server encryption algorithms are supported by the r! | ||
+ | emote service: | ||
3des-cbc | 3des-cbc | ||
aes128-cbc | aes128-cbc | ||
Línia 384: | Línia 193: | ||
cast128-cbc | cast128-cbc | ||
rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | ||
− | + | The following weak server-to-client encryption algorithms are supported by the r! | |
− | + | emote service: | |
− | The following weak server-to-client encryption algorithms are supported by the | ||
− | |||
3des-cbc | 3des-cbc | ||
aes128-cbc | aes128-cbc | ||
Línia 397: | Línia 204: | ||
blowfish-cbc | blowfish-cbc | ||
cast128-cbc | cast128-cbc | ||
− | rijndael-cbc@lysator.liu.se | + | rijndael-cbc@lysator.liu.se |
− | + | ||
− | + | Solution: | |
− | + | Solution type: Mitigation | |
− | + | Disable the weak encryption algorithms. | |
− | + | ||
− | + | Vulnerability Insight: | |
− | + | The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys. | |
− | The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems | + | The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]! |
− | with weak keys, and should not be used anymore. | + | . Arcfour (and RC4) has problems |
− | + | with weak keys, and should not be used anymore. | |
+ | The `none` algorithm specifies that no encryption is to be done. | ||
Note that this method provides no confidentiality protection, and it | Note that this method provides no confidentiality protection, and it | ||
− | is NOT RECOMMENDED to use it. | + | is NOT RECOMMENDED to use it. |
− | + | A vulnerability exists in SSH messages that employ CBC mode that may allow an ! | |
− | + | attacker to recover plaintext from a block of ciphertext. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | Vulnerability Detection Method: | ||
+ | Check if remote ssh service supports Arcfour, none or CBC ciphers. | ||
+ | Details: | ||
+ | SSH Weak Encryption Algorithms Supported | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.105611) | ||
+ | Version used: $Revision: 13581 $ | ||
+ | |||
+ | References: | ||
+ | Other: | ||
+ | https://tools.ietf.org/html/rfc4253#section-6.3 | ||
+ | https://www.kb.cert.org/vuls/id/958563 | ||
+ | |||
+ | |||
+ | Issue | ||
+ | ----- | ||
+ | NVT: SSH Weak MAC Algorithms Supported | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.105610 | ||
+ | Threat: Low (CVSS: 2.6) | ||
+ | Port: 22/tcp | ||
+ | |||
+ | Summary: | ||
+ | The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith! | ||
+ | ms. | ||
+ | |||
+ | Vulnerability Detection Result: | ||
+ | The following weak client-to-server MAC algorithms are supported by the remote s! | ||
+ | ervice: | ||
+ | hmac-md5 | ||
+ | hmac-md5-96 | ||
+ | hmac-sha1-96 | ||
+ | The following weak server-to-client MAC algorithms are supported by the remote s! | ||
+ | ervice: | ||
hmac-md5 | hmac-md5 | ||
hmac-md5-96 | hmac-md5-96 | ||
hmac-sha1-96 | hmac-sha1-96 | ||
+ | |||
+ | Solution: | ||
+ | Solution type: Mitigation | ||
+ | Disable the weak MAC algorithms. | ||
+ | |||
+ | Vulnerability Detection Method: | ||
+ | Details: | ||
+ | SSH Weak MAC Algorithms Supported | ||
+ | (OID: 1.3.6.1.4.1.25623.1.0.105610) | ||
+ | Version used: $Revision: 13581 $ | ||
− | + | Issue | |
+ | ----- | ||
+ | NVT: TCP timestamps | ||
+ | OID: 1.3.6.1.4.1.25623.1.0.80091 | ||
+ | Threat: Low (CVSS: 2.6) | ||
+ | Port: general/tcp | ||
− | + | Summary: | |
− | + | The remote host implements TCP timestamps and therefore allows to compute | |
− | + | the uptime. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | the uptime | ||
− | |||
− | |||
− | |||
+ | Vulnerability Detection Result: | ||
+ | It was detected that the host implements RFC1323. | ||
The following timestamps were retrieved with a delay of 1 seconds in-between: | The following timestamps were retrieved with a delay of 1 seconds in-between: | ||
Packet 1: 3183497 | Packet 1: 3183497 | ||
− | Packet 2: 3185039 | + | Packet 2: 3185039 |
− | + | ||
− | + | Impact: | |
− | + | A side effect of this feature is that the uptime of the remote | |
− | host can sometimes be computed. | + | host can sometimes be computed. |
− | + | ||
− | + | Solution: | |
− | + | Solution type: Mitigation | |
− | + | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to | |
− | /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. | + | /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. |
− | + | To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta! | |
− | + | mps=disabled' | |
− | + | Starting with Windows Server 2008 and Vista, the timestamp can not be complete! | |
− | Timestamp options when initiating TCP connections, but use them if the TCP | + | ly disabled. |
− | that is initiating communication includes them in their synchronize (SYN) | + | The default behavior of the TCP/IP stack on this Systems is to not use the |
− | + | Timestamp options when initiating TCP connections, but use them if the TCP pee! | |
− | + | r | |
− | + | that is initiating communication includes them in their synchronize (SYN) segm! | |
− | + | ent. | |
− | + | See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152 | |
− | + | ||
− | + | Affected Software/OS: | |
− | + | TCP/IPv4 implementations that implement RFC1323. | |
− | + | ||
− | + | Vulnerability Insight: | |
− | target IP. The responses are searched for a timestamps. If found, the | + | The remote host implements TCP timestamps, as defined by RFC1323. |
− | + | ||
− | + | Vulnerability Detection Method: | |
− | + | Special IP packets are forged and sent with a little delay in between to the | |
− | + | target IP. The responses are searched for a timestamps. If found, the timestam! | |
− | + | ps are reported. | |
− | + | Details: | |
− | + | TCP timestamps | |
− | + | (OID: 1.3.6.1.4.1.25623.1.0.80091) | |
− | + | Version used: $Revision: 10411 $ | |
− | + | ||
− | + | References: | |
− | + | Other: | |
− | + | http://www.ietf.org/rfc/rfc1323.txt | |
− | + | </source> | |
− | |||
− | |||
− | |||
− | |||
− | </ |
Revisió de 11:34, 15 abr 2020
I Summary ========= This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue. All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC". Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report.Information on overrides is included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown. This report contains all 5 results selected by the filtering described above. Before filtering there were 155 results. Scan started: Fri Mar 1 14:54:15 2019 UTC Scan ended: Fri Mar 1 15:41:58 2019 UTC Task: Nose OVA Host Summary ************ Host High Medium Low Log False Positive 10.17.3.6 0 3 2 0 0 Total: 1 0 3 2 0 0 II Results per Host =================== Host 10.17.3.6 ************** Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC Number of results: 5 Port Summary for Host 10.17.3.6 ------------------------------- Service (Port) Threat Level 22/tcp Medium general/tcp Low 80/tcp Medium Security Issues for Host 10.17.3.6 ---------------------------------- Issue ----- NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled OID: 1.3.6.1.4.1.25623.1.0.11213 Threat: Medium (CVSS: 5.8) Port: 80/tcp Summary: Debugging functions are enabled on the remote web server. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. Vulnerability Detection Result: The web server has the following HTTP methods enabled: TRACE Impact: An attacker may use this flaw to trick your legitimate web users to give him their credentials. Solution: Solution type: Mitigation Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more informatio! n. Affected Software/OS: Web servers with enabled TRACE and/or TRACK methods. Vulnerability Insight: It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, wh! en used in conjunction with various weaknesses in browsers. Vulnerability Detection Method: Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213) Version used: $Revision: 10828 $ References: CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883 BID: 9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995 CERT: CB-K14/0981 , DFN-CERT-2014-1018 , DFN-CERT-2010-0020 Other: http://www.kb.cert.org/vuls/id/288308 http://www.kb.cert.org/vuls/id/867593 http://httpd.apache.org/docs/current/de/mod/core.html#traceenable https://www.owasp.org/index.php/Cross_Site_Tracing Issue ----- NVT: Linux Home Folder Accessible OID: 1.3.6.1.4.1.25623.1.0.111108 Threat: Medium (CVSS: 5.0) Port: 80/tcp Summary: The script attempts to identify files of a linux home folder accessible at the webserver. Vulnerability Detection Result: The following files were identified: http://10.17.3.6/.bash_history Impact: Based on the information provided in this files an attacker might be able to gather additional info. Solution: Solution type: Mitigation A users home folder shouldn't be accessible via a webserver. Restrict access to ! it or remove it completely. Vulnerability Insight: Currently the script is checking for the following files: - /.ssh/authorized_keys - /.ssh/known_hosts - /.ssh/identity - /.ssh/id_rsa - /.ssh/id_rsa.pub - /.ssh/id_dsa - /.ssh/id_dsa.pub - /.ssh/id_dss - /.ssh/id_dss.pub - /.ssh/id_ecdsa - /.ssh/id_ecdsa.pub - /.ssh/id_ed25519 - /.ssh/id_ed25519.pub - /.mysql_history - /.sqlite_history - /.psql_history - /.sh_history - /.bash_history - /.profile - /.bashrc Vulnerability Detection Method: Check the response if files from a home folder are accessible. Details: Linux Home Folder Accessible (OID: 1.3.6.1.4.1.25623.1.0.111108) Version used: $Revision: 10157 $ Issue ----- NVT: SSH Weak Encryption Algorithms Supported OID: 1.3.6.1.4.1.25623.1.0.105611 Threat: Medium (CVSS: 4.3) Port: 22/tcp Summary: The remote SSH server is configured to allow weak encryption algorithms. Vulnerability Detection Result: The following weak client-to-server encryption algorithms are supported by the r! emote service: 3des-cbc aes128-cbc aes192-cbc aes256-cbc arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The following weak server-to-client encryption algorithms are supported by the r! emote service: 3des-cbc aes128-cbc aes192-cbc aes256-cbc arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se Solution: Solution type: Mitigation Disable the weak encryption algorithms. Vulnerability Insight: The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]! . Arcfour (and RC4) has problems with weak keys, and should not be used anymore. The `none` algorithm specifies that no encryption is to be done. Note that this method provides no confidentiality protection, and it is NOT RECOMMENDED to use it. A vulnerability exists in SSH messages that employ CBC mode that may allow an ! attacker to recover plaintext from a block of ciphertext. Vulnerability Detection Method: Check if remote ssh service supports Arcfour, none or CBC ciphers. Details: SSH Weak Encryption Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105611) Version used: $Revision: 13581 $ References: Other: https://tools.ietf.org/html/rfc4253#section-6.3 https://www.kb.cert.org/vuls/id/958563 Issue ----- NVT: SSH Weak MAC Algorithms Supported OID: 1.3.6.1.4.1.25623.1.0.105610 Threat: Low (CVSS: 2.6) Port: 22/tcp Summary: The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith! ms. Vulnerability Detection Result: The following weak client-to-server MAC algorithms are supported by the remote s! ervice: hmac-md5 hmac-md5-96 hmac-sha1-96 The following weak server-to-client MAC algorithms are supported by the remote s! ervice: hmac-md5 hmac-md5-96 hmac-sha1-96 Solution: Solution type: Mitigation Disable the weak MAC algorithms. Vulnerability Detection Method: Details: SSH Weak MAC Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105610) Version used: $Revision: 13581 $ Issue ----- NVT: TCP timestamps OID: 1.3.6.1.4.1.25623.1.0.80091 Threat: Low (CVSS: 2.6) Port: general/tcp Summary: The remote host implements TCP timestamps and therefore allows to compute the uptime. Vulnerability Detection Result: It was detected that the host implements RFC1323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 3183497 Packet 2: 3185039 Impact: A side effect of this feature is that the uptime of the remote host can sometimes be computed. Solution: Solution type: Mitigation To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta! mps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be complete! ly disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP pee! r that is initiating communication includes them in their synchronize (SYN) segm! ent. See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152 Affected Software/OS: TCP/IPv4 implementations that implement RFC1323. Vulnerability Insight: The remote host implements TCP timestamps, as defined by RFC1323. Vulnerability Detection Method: Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestam! ps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: $Revision: 10411 $ References: Other: http://www.ietf.org/rfc/rfc1323.txt