OpenVAS HostedScan Report 2024-04-30


April 30, 2024

Vulnerability Scan Report
prepared by HostedScan Security

hostedscan.com
HostedScan Security Vulnerability Scan Report

Overview

1 Executive Summary
2 Risks By Target
3 Network Vulnerabilities
4 Glossary


1 Executive Summary
Vulnerability scans were conducted on selected servers, networks, websites, and applications. This report contains
the discovered potential risks from these scans. Risks have been classified into categories according to the level of
threat and degree of potential harm they may pose.

1.1 Total Risks


Below is the total number of risks found by severity. High risks are the most severe and should be evaluated first. An
accepted risk is one which has been manually reviewed and classified as acceptable to not fix at this time, such as a
false positive or an intentional part of the system's architecture.

Critical High Medium Low Accepted
0 1 6 2 0

Share of total risks: High 11%, Medium 67%, Low 22%

1.2 Report Coverage


This report includes findings for 1 target that was scanned. Each target is a single URL, IP address, or fully qualified
domain name (FQDN).

Vulnerability Categories

Network Vulnerabilities: 9


2 Risks By Target
This section contains the vulnerability findings for each target that was scanned. Prioritize the most vulnerable assets
first.

2.1 Targets Summary


The total number of risks found for each target, by severity.

Target Critical High Medium Low Accepted

41.66.249.148 0 1 6 2 0


2.2 Target Breakdowns


The risks discovered for each target.

Target: 41.66.249.148

Total Risks

Critical High Medium Low Accepted
0 1 6 2 0

Share of total risks: High 11%, Medium 67%, Low 22%

Network Vulnerabilities | Threat Level | CVSS Score | First Detected | Last Detected

SSL/TLS: Report Vulnerable Cipher Suites for HTTPS | High | 7.5 | 0 days ago | 0 days ago
SSL/TLS: Report Weak Cipher Suites | Medium | 5.9 | 0 days ago | 0 days ago
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection | Medium | 5.9 | 0 days ago | 0 days ago
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability | Medium | 4.0 | 0 days ago | 0 days ago
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability | Medium | 4.0 | 0 days ago | 0 days ago
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection | Medium | 4.3 | 0 days ago | 0 days ago
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection | Medium | 4.3 | 0 days ago | 0 days ago
TCP Timestamps Information Disclosure | Low | 2.6 | 0 days ago | 0 days ago
SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE) | Low | 3.4 | 0 days ago | 0 days ago


3 Network Vulnerabilities
The OpenVAS network vulnerability scan tests servers and internet connected devices for over 50,000
vulnerabilities. OpenVAS uses the Common Vulnerability Scoring System (CVSS) to quantify the severity of findings.
0.0 is the lowest severity and 10.0 is the highest.

3.1 Total Risks


Total number of risks found by severity.

Critical High Medium Low Accepted
0 1 6 2 0

Share of total risks: High 11%, Medium 67%, Low 22%

3.2 Risks Breakdown


Summary list of all detected risks.

Title | Threat Level | CVSS Score | Open | Accepted

SSL/TLS: Report Vulnerable Cipher Suites for HTTPS | High | 7.5 | 1 | 0
SSL/TLS: Report Weak Cipher Suites | Medium | 5.9 | 1 | 0
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection | Medium | 5.9 | 1 | 0
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability | Medium | 4.0 | 1 | 0
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability | Medium | 4.0 | 1 | 0
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection | Medium | 4.3 | 1 | 0
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection | Medium | 4.3 | 1 | 0
TCP Timestamps Information Disclosure | Low | 2.6 | 1 | 0
SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE) | Low | 3.4 | 1 | 0


3.3 Full Risk Details


Detailed information about each risk found by the scan.

SSL/TLS: Report Vulnerable Cipher Suites for HTTPS


High
cvss score: 7.5

Description
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
These rules are applied for the evaluation of the vulnerable cipher suites:

- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).

Solution
The configuration of this service should be changed so that it no longer accepts the listed cipher suites.
Please see the references for more resources supporting you with this task.

References
CVE-2016-2183
CVE-2016-6329
CVE-2020-12872
https://bettercrypto.org/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://sweet32.info/

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Report Weak Cipher Suites


Medium
cvss score: 5.9

Description
This routine reports all weak SSL/TLS cipher suites accepted by a service.
NOTE: No severity is reported for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp. If the cipher
suites configured for this service are too strong, the alternative would be to fall back to even more insecure cleartext communication.

These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808)
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000)
- 1024 bit RSA authentication is considered to be insecure and therefore as weak
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong

Solution
The configuration of this service should be changed so that it no longer accepts the listed weak cipher suites.
Please see the references for more resources supporting you with this task.

References
CVE-2013-2566
CVE-2015-2808
CVE-2015-4000
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16-1465_update_6.html
https://bettercrypto.org/
https://mozilla.github.io/server-side-tls/ssl-config-generator/

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection


Medium
cvss score: 5.9

Description
It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system.

The SSLv2 and SSLv3 protocols contain known cryptographic flaws like:
- CVE-2014-3566: Padding Oracle On Downgraded Legacy Encryption (POODLE)
- CVE-2016-0800: Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)

An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service and
gain access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.

Solution
It is recommended to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1.2+ protocols. Please see the
references for more information.

References
CVE-2016-0800
CVE-2014-3566
https://ssl-config.mozilla.org/
https://bettercrypto.org/
https://drownattack.com/
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability


Medium
cvss score: 4.0

Description
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).
The Diffie-Hellman group consists of some large numbers that are used as the base for the DH computations. They can be, and often
are, fixed. The security of the final secret depends on the size of these parameters. 512 and 768 bits were found to be weak, and
1024 bits to be breakable by really powerful attackers like governments.
An attacker might be able to decrypt the SSL/TLS communication offline.

Solution
Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger Diffie-Hellman group (see the references).
For Apache Web Servers: Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than
1024 bits.

References
https://weakdh.org/
https://weakdh.org/sysadmin.html

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability


Medium
cvss score: 4.0

Description
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).
The Diffie-Hellman group consists of some large numbers that are used as the base for the DH computations. They can be, and often
are, fixed. The security of the final secret depends on the size of these parameters. 512 and 768 bits were found to be weak, and
1024 bits to be breakable by really powerful attackers like governments.
An attacker might be able to decrypt the SSL/TLS communication offline.

Solution
Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger Diffie-Hellman group (see the references).
For Apache Web Servers: Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than
1024 bits.

References
https://weakdh.org/
https://weakdh.org/sysadmin.html

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection


Medium
cvss score: 4.3

Description
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.

The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)
An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service and
gain access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.

Solution
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the
references for more information.

References
CVE-2011-3389
CVE-2015-0204
https://ssl-config.mozilla.org/
https://bettercrypto.org/
https://datatracker.ietf.org/doc/rfc8996/
https://vnhacker.blogspot.com/2011/09/beast.html
https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection


Medium
cvss score: 4.3

Description
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)
An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service and
gain access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.

Solution
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the
references for more information.

References
CVE-2011-3389
CVE-2015-0204
https://ssl-config.mozilla.org/
https://bettercrypto.org/
https://datatracker.ietf.org/doc/rfc8996/
https://vnhacker.blogspot.com/2011/09/beast.html
https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


TCP Timestamps Information Disclosure


Low
cvss score: 2.6

Description
The remote host implements TCP timestamps and therefore allows the uptime to be computed.
The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps

References
https://datatracker.ietf.org/doc/html/rfc1323
https://datatracker.ietf.org/doc/html/rfc7323
https://web.archive.org/web/20151213072445/http://www.microsoft.com/en-us/download/details.aspx?id=9152
https://www.fortiguard.com/psirt/FG-IR-16-090

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
Low
cvss score: 3.4

Description
This host is prone to an information disclosure vulnerability.
The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code.
Successful exploitation will allow a man-in-the-middle attacker to gain access to the plain text data stream.

Solution
Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+

References
CVE-2014-3566
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.securityfocus.com/bid/70574
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html

Vulnerable Target First Detected Last Detected

41.66.249.148 0 days ago 0 days ago


4 Glossary
Accepted Risk
An accepted risk is one which has been manually reviewed and classified as acceptable to not fix at this time, such as a
false positive or an intentional part of the system's architecture.

Risk
A risk is a finding from a vulnerability scan. Each risk is a potential security issue that needs review. Risks are
assigned a threat level which represents the potential severity.

Fully Qualified Domain Name (FQDN)
A fully qualified domain name is a complete domain name for a specific website or service on the internet. This
includes not only the website or service name, but also the top-level domain name, such as .com, .org, .net, etc. For
example, 'www.example.com' is an FQDN.

Target
A target is a single URL, IP address, or fully qualified domain name (FQDN) that was scanned.

Threat Level
The threat level represents the estimated potential severity of a particular risk. Threat level is divided into 4
categories: High, Medium, Low and Accepted.

Network Vulnerabilities
The OpenVAS network vulnerability scan tests servers and internet connected devices for over 50,000 vulnerabilities.
OpenVAS uses the Common Vulnerability Scoring System (CVSS) to quantify the severity of findings. 0.0 is the
lowest severity and 10.0 is the highest.

Threat Level
The threat level represents the estimated potential severity of a particular risk. Threat level is divided into 5
categories: Critical, High, Medium, Low and Accepted.

CVSS Score
The CVSS 3.0 score is a global standard for evaluating
vulnerabilities with a 0 to 10 scale. CVSS maps to threat
levels: 0.1 - 3.9 = Low, 4.0 - 6.9 = Medium, 7.0 - 8.9 =
High, 9.0 - 10.0 = Critical

This report was prepared using

HostedScan Security ®
For more information, visit hostedscan.com
