Openvas Hostedscan Report 2024-04-30
Vulnerability Scan Report
prepared by HostedScan Security
hostedscan.com
Overview
1 Executive Summary
2 Risks By Target
3 Network Vulnerabilities
4 Glossary
1 Executive Summary
Vulnerability scans were conducted on selected servers, networks, websites, and applications. This report contains
the discovered potential risks from these scans. Risks have been classified into categories according to the level of
threat and degree of potential harm they may pose.
Risk counts by threat level: 0, 1, 6, 2, 0 (11%, 67%, 22%)
Vulnerability categories: Network Vulnerabilities (9)
2 Risks By Target
This section contains the vulnerability findings for each target that was scanned. Prioritize the most vulnerable assets
first.
Target: 41.66.249.148
Total Risks: 0 1 6 2 0
3 Network Vulnerabilities
The OpenVAS network vulnerability scan tests servers and internet connected devices for over 50,000
vulnerabilities. OpenVAS uses the Common Vulnerability Scoring System (CVSS) to quantify the severity of findings.
0.0 is the lowest severity and 10.0 is the highest.
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
Description
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
These rules are applied for the evaluation of the vulnerable cipher suites:
Solution
The configuration of this service should be changed so that it no longer accepts the listed cipher suites.
Please see the references for more resources supporting you with this task.
References
CVE-2016-2183
CVE-2016-6329
CVE-2020-12872
https://bettercrypto.org/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://sweet32.info/
SSL/TLS: Report Weak Cipher Suites
Description
This routine reports all weak SSL/TLS cipher suites accepted by a service.
NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported. If too strong cipher
suites are configured for this service the alternative would be to fall back to an even more insecure cleartext communication.
These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808)
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000)
Solution
The configuration of this service should be changed so that it no longer accepts the listed weak cipher suites.
Please see the references for more resources supporting you with this task.
References
CVE-2013-2566
CVE-2015-2808
CVE-2015-4000
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16-1465_update_6.html
https://bettercrypto.org/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Description
It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system.
The SSLv2 and SSLv3 protocols contain known cryptographic flaws like:
- CVE-2014-3566: Padding Oracle On Downgraded Legacy Encryption (POODLE)
- CVE-2016-0800: Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)
An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service to get
access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.
Solution
It is recommended to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1.2+ protocols. Please see the
references for more information.
References
CVE-2016-0800
CVE-2014-3566
https://ssl-config.mozilla.org/
https://bettercrypto.org/
https://drownattack.com/
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
Description
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).
The Diffie-Hellman group consists of large numbers that are used as the base for the DH computations. They can be, and often are, fixed. The
security of the final secret depends on the size of these parameters. Groups of 512 and 768 bits were found to be weak, and 1024 bits to be
breakable by really powerful attackers like governments.
An attacker might be able to decrypt the SSL/TLS communication offline.
Solution
Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger Diffie-Hellman group (see the references).
For Apache Web Servers: Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than
1024 bits.
References
https://weakdh.org/
https://weakdh.org/sysadmin.html
SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
Description
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)
An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service to get
access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.
Solution
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the
references for more information.
References
CVE-2011-3389
CVE-2015-0204
https://ssl-config.mozilla.org/
https://bettercrypto.org/
https://datatracker.ietf.org/doc/rfc8996/
https://vnhacker.blogspot.com/2011/09/beast.html
https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014
TCP Timestamps Information Disclosure
Description
The remote host implements TCP timestamps and therefore allows its uptime to be computed.
The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
References
https://datatracker.ietf.org/doc/html/rfc1323
https://datatracker.ietf.org/doc/html/rfc7323
https://web.archive.org/web/20151213072445/http://www.microsoft.com/en-us/download/details.aspx?id=9152
https://www.fortiguard.com/psirt/FG-IR-16-090
SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
Low
cvss score: 3.4
Description
This host is prone to an information disclosure vulnerability.
The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code.
Successful exploitation will allow a man-in-the-middle attacker to gain access to the plaintext data stream.
Solution
Possible mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+
References
CVE-2014-3566
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.securityfocus.com/bid/70574
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html
4 Glossary
Accepted Risk
An accepted risk is one which has been manually reviewed and classified as acceptable to not fix at this
time, such as a false positive or an intentional part of the system's architecture.
Risk
A risk is a finding from a vulnerability scan. Each risk is a potential security issue that needs review.
Risks are assigned a threat level which represents the potential severity.
CVSS Score
The CVSS 3.0 score is a global standard for evaluating
vulnerabilities with a 0 to 10 scale. CVSS maps to threat
levels: 0.1 - 3.9 = Low, 4.0 - 6.9 = Medium, 7.0 - 8.9 =
High, 9.0 - 10.0 = Critical