escaneo_jncxfo

Nessus Report

Nessus Scan Report

16/Aug/2013:12:47:38

HomeFeed: Commercial use of the report is prohibited

Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the ProfessionalFeed in order to be compliant with our license agreement: http://www.nessus.org/products/nessus-professionalfeed

Upload: carlos-eduardo-hernandez

Post on 27-Oct-2015


Table Of Contents

Vulnerabilities By Host

• 192.168.1.254

Vulnerabilities By Plugin

• 12217 (1) - DNS Server Cache Snooping Remote Information Disclosure
• 26928 (1) - SSL Weak Cipher Suites Supported
• 42873 (1) - SSL Medium Strength Cipher Suites Supported
• 51192 (1) - SSL Certificate Cannot Be Trusted
• 51892 (1) - OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue
• 57582 (1) - SSL Self-Signed Certificate
• 10663 (1) - DHCP Server Detection
• 34324 (1) - FTP Supports Clear Text Authentication
• 42263 (1) - Unencrypted Telnet Server
• 65821 (1) - SSL RC4 Cipher Suites Supported
• 10335 (7) - Nessus TCP scanner
• 11219 (7) - Nessus SYN scanner
• 22964 (5) - Service Detection
• 24260 (3) - HyperText Transfer Protocol (HTTP) Information
• 10386 (2) - Web Server No 404 Error Code Check
• 11002 (2) - DNS Server Detection
• 20108 (2) - Web Server / Application favicon.ico Vendor Fingerprinting
• 43111 (2) - HTTP Methods Allowed (per directory)
• 10092 (1) - FTP Server Detection
• 10281 (1) - Telnet Server Detection
• 10287 (1) - Traceroute Information
• 10622 (1) - PPTP Detection
• 10863 (1) - SSL Certificate Information
• 11239 (1) - Web Server Crafted Request Vendor/Version Information Disclosure
• 11936 (1) - OS Identification
• 12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
• 19506 (1) - Nessus Scan Information
• 21643 (1) - SSL Cipher Suites Supported
• 25220 (1) - TCP/IP Timestamps Supported
• 45410 (1) - SSL Certificate commonName Mismatch
• 50845 (1) - OpenSSL Detection
• 51891 (1) - SSL Session Resume Supported
• 54615 (1) - Device Type
• 56984 (1) - SSL / TLS Versions Supported
• 57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported
• 58768 (1) - SSL Resume With Different Cipher Issue
• 62563 (1) - SSL Compression Methods Supported
• 66334 (1) - Patch Report

Hosts Summary (Executive)

• 192.168.1.254


Vulnerabilities By Host


192.168.1.254

Scan Information

Start time: Fri Aug 16 12:47:39 2013

End time: Fri Aug 16 13:08:31 2013

Host Information

DNS Name: dsldevice.lan

IP: 192.168.1.254

MAC Address: a4:b1:e9:0a:d9:22

OS: SCO UnixWare 7.1.1

Results Summary

Critical High Medium Low Info Total

0 0 6 4 50 60

Results Details

0/tcp

25220 - TCP/IP Timestamps Supported

Synopsis

The remote service implements TCP timestamps.

Description

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

See Also

http://www.ietf.org/rfc/rfc1323.txt

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/05/16, Modification date: 2011/03/20

Ports

tcp/0

12053 - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis

It was possible to resolve the name of the remote host.

Description

Nessus was able to resolve the FQDN of the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2004/02/11, Modification date: 2012/09/28

Ports

tcp/0


192.168.1.254 resolves as dsldevice.lan.

11936 - OS Identification

Synopsis

It is possible to guess the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2003/12/09, Modification date: 2013/08/01

Ports

tcp/0

Remote operating system : SCO UnixWare 7.1.1
Confidence Level : 65
Method : SinFP

The remote host is running SCO UnixWare 7.1.1

54615 - Device Type

Synopsis

It is possible to guess the remote device type.

Description

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/05/23, Modification date: 2011/05/23

Ports

tcp/0

Remote device type : general-purpose
Confidence level : 65

66334 - Patch Report

Synopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches.

This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor

None

Plugin Information:


Publication date: 2013/05/07, Modification date: 2013/08/14

Ports

tcp/0

. You need to take the following action:

[ OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue (51892) ]

+ Action to take: Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

19506 - Nessus Scan Information

Synopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself :

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2005/08/26, Modification date: 2013/05/31

Ports

tcp/0

Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308160915
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.66
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/16 12:47
Scan duration : 1252 sec

0/udp


10287 - Traceroute Information

Synopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 1999/11/27, Modification date: 2013/04/11

Ports

udp/0

For your information, here is the traceroute from 192.168.1.66 to 192.168.1.254 :

192.168.1.66
192.168.1.254

21/tcp

34324 - FTP Supports Clear Text Authentication

Synopsis

Authentication credentials might be intercepted.

Description

The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

Plugin Information:

Publication date: 2008/10/01, Modification date: 2013/01/25

Ports

tcp/21

This FTP server does not support 'AUTH TLS'.

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.


Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/21

Port 21/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/21

Port 21/tcp was found to be open

10092 - FTP Server Detection

Synopsis

An FTP server is listening on this port.

Description

It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution

N/A

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2013/03/08

Ports

tcp/21

The remote FTP banner is :

220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.

23/tcp

42263 - Unencrypted Telnet Server

Synopsis

The remote Telnet server transmits traffic in cleartext.

Description

The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information.

Use of SSH is preferred nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Solution


Disable this service and use SSH instead.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2009/10/27, Modification date: 2013/06/24

Ports

tcp/23

Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
Username :
------------------------------ snip ------------------------------

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/23

Port 23/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/23

Port 23/tcp was found to be open

22964 - Service Detection

Synopsis

The remote service could be identified.

Description


It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Ports

tcp/23

A telnet server is running on this port.

10281 - Telnet Server Detection

Synopsis

A Telnet server is listening on the remote port.

Description

The remote host is running a Telnet server, a remote terminal server.

Solution

Disable this service if you do not use it.

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2012/08/30

Ports

tcp/23

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------
Username :
------------------------------ snip ------------------------------

53/tcp

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/53

Port 53/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis


It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/53

Port 53/tcp was found to be open

11002 - DNS Server Detection

Synopsis

A DNS server is listening on the remote host.

Description

The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also

http://en.wikipedia.org/wiki/Domain_Name_System

Solution

Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor

None

Plugin Information:

Publication date: 2003/02/13, Modification date: 2013/05/07

Ports

tcp/53

53/udp

12217 - DNS Server Cache Snooping Remote Information Disclosure

Synopsis

The remote DNS server is vulnerable to cache snooping attacks.

Description

The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.

This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.

See Also

http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf

Solution

Contact the vendor of the DNS software for a fix.

Risk Factor

Medium


CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2004/04/27, Modification date: 2013/01/25

Ports

udp/53

Nessus sent a non-recursive query for example.com
and received 1 answer :

93.184.216.119

11002 - DNS Server Detection

Synopsis

A DNS server is listening on the remote host.

Description

The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also

http://en.wikipedia.org/wiki/Domain_Name_System

Solution

Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor

None

Plugin Information:

Publication date: 2003/02/13, Modification date: 2013/05/07

Ports

udp/53

67/udp

10663 - DHCP Server Detection

Synopsis

The remote DHCP server may expose information about the associated network.

Description

This script contacts the remote DHCP server (if any) and attempts to retrieve information about the network layout.

Some DHCP servers provide sensitive information such as the NIS domain name, or network layout information such as the list of the network web servers, and so on.

It does not demonstrate any vulnerability, but a local attacker may use DHCP to become intimately familiar with the associated network.

Solution

Apply filtering to keep this information off the network and remove any options that are not in use.

Risk Factor

Low

CVSS Base Score

3.3 (CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2001/05/05, Modification date: 2013/01/25

Ports

udp/67

Nessus gathered the following information from the remote DHCP server :

Master DHCP server of this network : 0.0.0.0


IP address the DHCP server would attribute us : 192.168.1.66
DHCP server(s) identifier : 192.168.1.254
Netmask : 255.255.255.0
Domain name server(s) : 192.168.1.254
Domain name : lan
Router : 192.168.1.254

80/tcp

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/80

Port 80/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/80

Port 80/tcp was found to be open

22964 - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02


Ports

tcp/80

A web server is running on this port.

43111 - HTTP Methods Allowed (per directory)

Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/12/10, Modification date: 2013/05/09

Ports

tcp/80

Based on the response to an OPTIONS request :

- HTTP methods GET OPTIONS POST TRACE are allowed on :

  /

10386 - Web Server No 404 Error Code Check

Synopsis

The remote web server does not return 404 error codes.

Description

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2000/04/28, Modification date: 2011/10/20

Ports

tcp/80

CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was :

http://dsldevice.lan/cgi-bin/U8EV2Ixb6Oum.html

20108 - Web Server / Application favicon.ico Vendor Fingerprinting

Synopsis


The remote web server contains a graphic image that is prone to information disclosure.

Description

The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server.

Solution

Remove the 'favicon.ico' file or create a custom one for your site.

Risk Factor

None

References

XREF OSVDB:39272

Plugin Information:

Publication date: 2005/10/28, Modification date: 2013/02/06

Ports

tcp/80

The MD5 fingerprint for 'favicon.ico' suggests the web server is SpeedTouch.

24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Ports

tcp/80

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Fri, 16 Aug 2013 11:59:35 GMT
  Server:
  Content-length: 0
  Connection: keep-alive
  Keep-Alive: timeout=60, max=2000
  Location: http://dsldevice.lan/login.lp
  Set-Cookie: xAuth_SESSION_ID=BBoUZ0MV0nq7r0JRKqpdnQA=; path=/;
  Cache-control: no-cache="set-cookie"

443/tcp

51192 - SSL Certificate Cannot Be Trusted

Synopsis

The SSL certificate for this service cannot be trusted.

Description


The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.

First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Solution

Purchase or generate a proper certificate for this service.

Risk Factor

Medium

CVSS Base Score

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:

Publication date: 2010/12/15, Modification date: 2012/10/25

Ports

tcp/443

The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority :

|-Subject : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0
|-Issuer : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0

57582 - SSL Self-Signed Certificate

Synopsis

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution

Purchase or generate a proper certificate for this service.

Risk Factor

Medium

CVSS Base Score

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:

Publication date: 2012/01/17, Modification date: 2012/10/25

Ports

tcp/443

The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :


|-Subject : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0

26928 - SSL Weak Cipher Suites Supported

Synopsis

The remote service supports the use of weak SSL ciphers.

Description

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also

http://www.openssl.org/docs/apps/ciphers.html

Solution

Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

STIG Severity

I

References

XREF IAVB:2013-B-0040

XREF CWE:327

XREF CWE:326

XREF CWE:753

XREF CWE:803

XREF CWE:720

Plugin Information:

Publication date: 2007/10/08, Modification date: 2013/06/10

Ports

tcp/443

Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (< 56-bit key)

SSLv3
  EXP-EDH-RSA-DES-CBC-SHA  Kx=DH(512)   Au=RSA  Enc=DES(40)  Mac=SHA1  export
  EXP-DES-CBC-SHA          Kx=RSA(512)  Au=RSA  Enc=DES(40)  Mac=SHA1  export
  EXP-RC2-CBC-MD5          Kx=RSA(512)  Au=RSA  Enc=RC2(40)  Mac=MD5   export
  EXP-RC4-MD5              Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5   export

TLSv1
  EXP-EDH-RSA-DES-CBC-SHA  Kx=DH(512)   Au=RSA  Enc=DES(40)  Mac=SHA1  export
  EXP-DES-CBC-SHA          Kx=RSA(512)  Au=RSA  Enc=DES(40)  Mac=SHA1  export
  EXP-RC2-CBC-MD5          Kx=RSA(512)  Au=RSA  Enc=RC2(40)  Mac=MD5   export
  EXP-RC4-MD5              Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5   export

The fields above are :


{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

42873 - SSL Medium Strength Cipher Suites Supported

Synopsis

The remote service supports the use of medium strength SSL ciphers.

Description

The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution

Reconfigure the affected application, if possible, to avoid use of medium strength ciphers.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2009/11/23, Modification date: 2012/04/02

Ports

tcp/443

Here is the list of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

51892 - OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue

Synopsis

The remote host allows resuming SSL sessions with a weaker cipher than the one originally negotiated.

Description

The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees (i.e., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of that session to use a weaker cipher chosen by the attacker.

Note that other SSL implementations may also be affected by this vulnerability.

See Also

http://openssl.org/news/secadv_20101202.txt

Solution

Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Temporal Score

3.2 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

References

BID 45164

CVE CVE-2010-4180

XREF OSVDB:69565

Plugin Information:

Publication date: 2011/02/07, Modification date: 2012/06/14

Ports

tcp/443

The server allowed the following session over SSLv3 to be resumed as follows :

  Session ID     : 5e33997d5571c2d86e8b687593fc6f70ca53aeb3d8ee889b0340fbe53f26f2a2
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : SSL3_CK_RSA_RC4_40_MD5 (0x0003)

65821 - SSL RC4 Cipher Suites Supported

Synopsis

The remote service supports the use of the RC4 cipher.

Description

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g. HTTP cookies), and an attacker is able to obtain many (i.e. tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

See Also

http://www.nessus.org/u?217a3666

http://cr.yp.to/talks/2013.03.12/slides.pdf

http://www.isg.rhul.ac.uk/tls/

Solution

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Temporal Score

2.2 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

BID 58796

CVE CVE-2013-2566

XREF OSVDB:91162

Plugin Information:

Publication date: 2013/04/05, Modification date: 2013/04/05

Ports

tcp/443

Here is the list of RC4 cipher suites supported by the remote server :

  Low Strength Ciphers (< 56-bit key)

    SSLv3
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

    TLSv1
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

  High Strength Ciphers (>= 112-bit key)

    SSLv3
      RC4-MD5                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=MD5
      RC4-SHA                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=SHA1

    TLSv1
      RC4-MD5                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=MD5
      RC4-SHA                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/443

Port 443/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/443

Port 443/tcp was found to be open

22964 - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Ports

tcp/443

A TLSv1 server answered on this port.

tcp/443

A web server is running on this port through TLSv1.

10386 - Web Server No 404 Error Code Check

Synopsis

The remote web server does not return 404 error codes.

Description

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2000/04/28, Modification date: 2011/10/20

Ports

tcp/443

CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was :

  https://dsldevice.lan/cgi-bin/U8EV2Ixb6Oum.html

43111 - HTTP Methods Allowed (per directory)

Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/12/10, Modification date: 2013/05/09

Ports

tcp/443

Based on the response to an OPTIONS request :

  - HTTP methods GET OPTIONS POST TRACE are allowed on :

    /

20108 - Web Server / Application favicon.ico Vendor Fingerprinting

Synopsis

The remote web server contains a graphic image that is prone to information disclosure.

Description

The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server.

Solution

Remove the 'favicon.ico' file or create a custom one for your site.

Risk Factor

None

References

XREF OSVDB:39272

Plugin Information:

Publication date: 2005/10/28, Modification date: 2013/02/06

Ports

tcp/443

The MD5 fingerprint for 'favicon.ico' suggests the web server is SpeedTouch.

24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Ports

tcp/443

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Fri, 16 Aug 2013 11:59:50 GMT
  Server:
  Content-length: 0
  Connection: keep-alive
  Keep-Alive: timeout=60, max=2000
  Location: https://dsldevice.lan/login.lp
  Set-Cookie: xAuth_SESSION_ID=U+JwQ0UuwOADZvLk/8G9OgA=; path=/;
  Cache-control: no-cache="set-cookie"

56984 - SSL / TLS Versions Supported

Synopsis

The remote service encrypts communications.

Description

This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/12/01, Modification date: 2013/08/05

Ports

tcp/443

This port supports SSLv3/TLSv1.0.

62563 - SSL Compression Methods Supported

Synopsis

The remote service supports one or more compression methods for SSL connections.

Description

This script detects which compression methods are supported by the remote service for SSL connections.

See Also

http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml

http://tools.ietf.org/html/rfc3749

http://tools.ietf.org/html/rfc3943

http://tools.ietf.org/html/rfc5246

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2012/10/16, Modification date: 2012/10/16

Ports

tcp/443

Nessus was able to confirm that the following compression method is supported by the target :

  NULL (0x00)

10863 - SSL Certificate Information

Synopsis

This plugin displays the SSL certificate.

Description

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2008/05/19, Modification date: 2012/04/02

Ports

tcp/443

Subject Name:

  Common Name: Technicolor TG582n
  Organization: Technicolor
  Organization Unit: 1229AFD9G0

Issuer Name:

  Common Name: Technicolor TG582n
  Organization: Technicolor
  Organization Unit: 1229AFD9G0

Serial Number: A8 B9 5A F3

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 01 00:00:00 2005 GMT
Not Valid After: Dec 31 00:00:00 2024 GMT

Public Key Info:

  Algorithm: RSA Encryption
  Key Length: 1024 bits
  Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits

45410 - SSL Certificate commonName Mismatch

Synopsis

The SSL certificate commonName does not match the host name.

Description

This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which the service listens.

Solution

If the machine has several names, make sure that users connect to the service through the DNS host name that matches the common name in the certificate.

Risk Factor

None

Plugin Information:

Publication date: 2010/04/03, Modification date: 2012/09/13

Ports

tcp/443

The host name known by Nessus is :

  dsldevice.lan

The Common Name in the certificate is :

  technicolor tg582n

50845 - OpenSSL Detection

Synopsis

The remote service appears to use OpenSSL to encrypt traffic.

Description

Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also

http://www.openssl.org

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/11/30, Modification date: 2013/08/05

Ports

tcp/443

21643 - SSL Cipher Suites Supported

Synopsis

The remote service encrypts communications using SSL.

Description

This script detects which SSL ciphers are supported by the remote service for encrypting communications.

See Also

http://www.openssl.org/docs/apps/ciphers.html

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2006/06/05, Modification date: 2013/06/13

Ports

tcp/443

Here is the list of SSL ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)

    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA              Kx=RSA(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC2-CBC-MD5              Kx=RSA(512)    Au=RSA     Enc=RC2(40)      Mac=MD5    export
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA              Kx=RSA(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC2-CBC-MD5              Kx=RSA(512)    Au=RSA     Enc=RC2(40)      Mac=MD5    export
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

  High Strength Ciphers (>= 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA     Enc=3DES(168)    Mac=SHA1
      DES-CBC3-SHA                 Kx=RSA         Au=RSA     Enc=3DES(168)    Mac=SHA1
      RC4-MD5                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=MD5
      RC4-SHA                      Kx=RSA         Au=RSA     Enc=RC4(128)     Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA     Enc=3DES(168)    Mac=SHA1
      DH [...]

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported

Synopsis

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

Description

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

See Also

http://www.openssl.org/docs/apps/ciphers.html

http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

http://en.wikipedia.org/wiki/Perfect_forward_secrecy

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/12/07, Modification date: 2012/04/02

Ports

tcp/443

Here is the list of SSL PFS ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)

    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export

    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1

  High Strength Ciphers (>= 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA     Enc=3DES(168)    Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA     Enc=3DES(168)    Mac=SHA1
      DHE-RSA-AES128-SHA           Kx=DH          Au=RSA     Enc=AES(128)     Mac=SHA1
      DHE-RSA-AES256-SHA           Kx=DH          Au=RSA     Enc=AES(256)     Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

51891 - SSL Session Resume Supported

Synopsis

The remote host allows resuming SSL sessions.

Description

This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/02/07, Modification date: 2013/06/15

Ports

tcp/443

This port supports resuming SSLv3 sessions.

58768 - SSL Resume With Different Cipher Issue

Synopsis

The remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.

Description

The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2012/04/17, Modification date: 2012/04/17

Ports

tcp/443

The server allowed the following session over SSLv3 to be resumed as follows :

  Session ID     : 5e33997d5571c2d86e8b687593fc6f70ca53aeb3d8ee889b0340fbe53f26f2a2
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : SSL3_CK_RSA_RC4_40_MD5 (0x0003)

1723/tcp

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/1723

Port 1723/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/1723

Port 1723/tcp was found to be open

10622 - PPTP Detection

Synopsis

A VPN server is listening on the remote port.

Description

The remote host is running a PPTP (Point-to-Point Tunneling Protocol) server. It allows users to set up a tunnel between their host and the network the remote host is attached to.

Solution

Make sure use of this software is in agreement with your organization's security policy.

Risk Factor

None

Plugin Information:

Publication date: 2001/02/28, Modification date: 2011/03/11

Ports

tcp/1723

It was possible to extract the following information from the remote PPTP server :

  Firmware Version : 1
  Vendor Name : THOMSON
  Host name : SpeedTouch

8000/tcp

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/8000

Port 8000/tcp was found to be open

10335 - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target.

Once a TCP connection is open, it grabs any available banner for the service identification plugins.

Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Ports

tcp/8000

Port 8000/tcp was found to be open

22964 - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Ports

tcp/8000

A web server is running on this port.

11239 - Web Server Crafted Request Vendor/Version Information Disclosure

Synopsis

The remote host is running a web server that may be leaking information.

Description

The web server running on the remote host appears to be hiding its version or name, which is a good thing. However, using a specially crafted request, Nessus was able to discover the information.

Solution

No generic solution is known. Contact your vendor for a fix or a workaround.

Risk Factor

None

Plugin Information:

Publication date: 2003/02/19, Modification date: 2011/02/27

Ports

tcp/8000

After sending this request :

  HELP

Nessus was able to gather the following information from the web server :

  Technicolor

24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Ports

tcp/8000

Protocol version : HTTP/1.0
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

  Location: http://192.168.1.254:80

Vulnerabilities By Plugin

12217 (1) - DNS Server Cache Snooping Remote Information Disclosure

Synopsis

The remote DNS server is vulnerable to cache snooping attacks.

Description

The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.

This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.

See Also

http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf

Solution

Contact the vendor of the DNS software for a fix.

Risk Factor

Medium

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2004/04/27, Modification date: 2013/01/25

Hosts

192.168.1.254 (udp/53)

Nessus sent a non-recursive query for example.com and received 1 answer :

  93.184.216.119

26928 (1) - SSL Weak Cipher Suites Supported

Synopsis

The remote service supports the use of weak SSL ciphers.

Description

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also

http://www.openssl.org/docs/apps/ciphers.html

Solution

Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

STIG Severity

I

References

XREF IAVB:2013-B-0040

XREF CWE:327

XREF CWE:326

XREF CWE:753

XREF CWE:803

XREF CWE:720

Plugin Information:

Publication date: 2007/10/08, Modification date: 2013/06/10

Hosts

192.168.1.254 (tcp/443)

Here is the list of weak SSL ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)

    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA              Kx=RSA(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC2-CBC-MD5              Kx=RSA(512)    Au=RSA     Enc=RC2(40)      Mac=MD5    export
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA              Kx=RSA(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC2-CBC-MD5              Kx=RSA(512)    Au=RSA     Enc=RC2(40)      Mac=MD5    export
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA     Enc=RC4(40)      Mac=MD5    export

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

42873 (1) - SSL Medium Strength Cipher Suites Supported

Synopsis

The remote service supports the use of medium strength SSL ciphers.

Description

The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution

Reconfigure the affected application, if possible, to avoid use of medium strength ciphers.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2009/11/23, Modification date: 2012/04/02

Hosts

192.168.1.254 (tcp/443)

Here is the list of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    SSLv3
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

    TLSv1
      EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA     Enc=DES(56)      Mac=SHA1
      DES-CBC-SHA                  Kx=RSA         Au=RSA     Enc=DES(56)      Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

51192 (1) - SSL Certificate Cannot Be Trusted

Synopsis

The SSL certificate for this service cannot be trusted.

Description

The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.

First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Solution

Purchase or generate a proper certificate for this service.

Risk Factor

Medium

CVSS Base Score

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:

Publication date: 2010/12/15, Modification date: 2012/10/25

Hosts

192.168.1.254 (tcp/443)

The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority :

|-Subject : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0
|-Issuer : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0

51892 (1) - OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue

Synopsis

The remote host allows resuming SSL sessions with a weaker cipher than the one originally negotiated.

Description

The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees (i.e., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of that session to use a weaker cipher chosen by the attacker.

Note that other SSL implementations may also be affected by this vulnerability.

See Also

http://openssl.org/news/secadv_20101202.txt

Solution

Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Temporal Score

3.2 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

References

BID 45164

CVE CVE-2010-4180

XREF OSVDB:69565

Plugin Information:

Publication date: 2011/02/07, Modification date: 2012/06/14

Hosts

192.168.1.254 (tcp/443)

The server allowed the following session over SSLv3 to be resumed as follows :

  Session ID     : 5e33997d5571c2d86e8b687593fc6f70ca53aeb3d8ee889b0340fbe53f26f2a2
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : SSL3_CK_RSA_RC4_40_MD5 (0x0003)

57582 (1) - SSL Self-Signed Certificate

Synopsis

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution

Purchase or generate a proper certificate for this service.

Risk Factor

Medium

CVSS Base Score

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:

Publication date: 2012/01/17, Modification date: 2012/10/25

Hosts

192.168.1.254 (tcp/443)

The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :

|-Subject : CN=Technicolor TG582n/O=Technicolor/OU=1229AFD9G0

10663 (1) - DHCP Server Detection

Synopsis

The remote DHCP server may expose information about the associated network.

Description

This script contacts the remote DHCP server (if any) and attempts to retrieve information about the network layout. Some DHCP servers provide sensitive information such as the NIS domain name, or network layout information such as the list of the network web servers, and so on. It does not demonstrate any vulnerability, but a local attacker may use DHCP to become intimately familiar with the associated network.

Solution

Apply filtering to keep this information off the network and remove any options that are not in use.

Risk Factor

Low

CVSS Base Score

3.3 (CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2001/05/05, Modification date: 2013/01/25

Hosts

192.168.1.254 (udp/67)

Nessus gathered the following information from the remote DHCP server :

  Master DHCP server of this network : 0.0.0.0
  IP address the DHCP server would attribute us : 192.168.1.66
  DHCP server(s) identifier : 192.168.1.254
  Netmask : 255.255.255.0
  Domain name server(s) : 192.168.1.254
  Domain name : lan
  Router : 192.168.1.254

34324 (1) - FTP Supports Clear Text Authentication

Synopsis

Authentication credentials might be intercepted.

Description

The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

Plugin Information:

Publication date: 2008/10/01, Modification date: 2013/01/25

Hosts

192.168.1.254 (tcp/21)

This FTP server does not support 'AUTH TLS'.

42263 (1) - Unencrypted Telnet Server

Synopsis

The remote Telnet server transmits traffic in cleartext.

Description

The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords and commands are transferred in cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive information. Use of SSH is preferred nowadays as it protects credentials from eavesdropping and can tunnel additional data streams such as the X11 session.

Solution

Disable this service and use SSH instead.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:

Publication date: 2009/10/27, Modification date: 2013/06/24

Hosts

192.168.1.254 (tcp/23)

Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
Username :
------------------------------ snip ------------------------------

65821 (1) - SSL RC4 Cipher Suites Supported

Synopsis

The remote service supports the use of the RC4 cipher.

Description

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness. If plaintext is repeatedly encrypted (e.g. HTTP cookies), and an attacker is able to obtain many (i.e. tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

See Also

http://www.nessus.org/u?217a3666

http://cr.yp.to/talks/2013.03.12/slides.pdf

http://www.isg.rhul.ac.uk/tls/

Solution

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Temporal Score

2.2 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

BID 58796

CVE CVE-2013-2566

XREF OSVDB:91162

Plugin Information:

Publication date: 2013/04/05, Modification date: 2013/04/05

Hosts

192.168.1.254 (tcp/443)

Here is the list of RC4 cipher suites supported by the remote server :

  Low Strength Ciphers (< 56-bit key)
    SSLv3
      EXP-RC4-MD5    Kx=RSA(512)    Au=RSA    Enc=RC4(40)    Mac=MD5    export
    TLSv1
      EXP-RC4-MD5    Kx=RSA(512)    Au=RSA    Enc=RC4(40)    Mac=MD5    export

  High Strength Ciphers (>= 112-bit key)
    SSLv3
      RC4-MD5        Kx=RSA         Au=RSA    Enc=RC4(128)   Mac=MD5
      RC4-SHA        Kx=RSA         Au=RSA    Enc=RC4(128)   Mac=SHA1
    TLSv1
      RC4-MD5        Kx=RSA         Au=RSA    Enc=RC4(128)   Mac=MD5
      RC4-SHA        Kx=RSA         Au=RSA    Enc=RC4(128)   Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

10335 (7) - Nessus TCP scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a classical TCP port scanner. It shall be reasonably quick even against a firewalled target. Once a TCP connection is open, it grabs any available banner for the service identification plugins. Note that TCP scanners are more intrusive than SYN (half open) scanners.

Solution

Protect your target with an IP filter.

Risk Factor

None

Hosts

192.168.1.254 (tcp/21)

Port 21/tcp was found to be open

192.168.1.254 (tcp/23)

Port 23/tcp was found to be open

192.168.1.254 (tcp/53)

Port 53/tcp was found to be open

192.168.1.254 (tcp/80)

Port 80/tcp was found to be open

192.168.1.254 (tcp/443)

Port 443/tcp was found to be open

192.168.1.254 (tcp/1723)

Port 1723/tcp was found to be open

192.168.1.254 (tcp/8000)

Port 8000/tcp was found to be open

11219 (7) - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Hosts

192.168.1.254 (tcp/21)

Port 21/tcp was found to be open

192.168.1.254 (tcp/23)

Port 23/tcp was found to be open

192.168.1.254 (tcp/53)

Port 53/tcp was found to be open

192.168.1.254 (tcp/80)

Port 80/tcp was found to be open

192.168.1.254 (tcp/443)

Port 443/tcp was found to be open

192.168.1.254 (tcp/1723)

Port 1723/tcp was found to be open

192.168.1.254 (tcp/8000)

Port 8000/tcp was found to be open

22964 (5) - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Hosts

192.168.1.254 (tcp/23)

A telnet server is running on this port.

192.168.1.254 (tcp/80)

A web server is running on this port.

192.168.1.254 (tcp/443)

A TLSv1 server answered on this port.

192.168.1.254 (tcp/443)

A web server is running on this port through TLSv1.

192.168.1.254 (tcp/8000)

A web server is running on this port.

24260 (3) - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Hosts

192.168.1.254 (tcp/80)

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Fri, 16 Aug 2013 11:59:35 GMT
  Server:
  Content-length: 0
  Connection: keep-alive
  Keep-Alive: timeout=60, max=2000
  Location: http://dsldevice.lan/login.lp
  Set-Cookie: xAuth_SESSION_ID=BBoUZ0MV0nq7r0JRKqpdnQA=; path=/;
  Cache-control: no-cache="set-cookie"

192.168.1.254 (tcp/443)

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Fri, 16 Aug 2013 11:59:50 GMT
  Server:
  Content-length: 0
  Connection: keep-alive
  Keep-Alive: timeout=60, max=2000
  Location: https://dsldevice.lan/login.lp
  Set-Cookie: xAuth_SESSION_ID=U+JwQ0UuwOADZvLk/8G9OgA=; path=/;
  Cache-control: no-cache="set-cookie"

192.168.1.254 (tcp/8000)

Protocol version : HTTP/1.0
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

  Location: http://192.168.1.254:80

10386 (2) - Web Server No 404 Error Code Check

Synopsis

The remote web server does not return 404 error codes.

Description

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2000/04/28, Modification date: 2011/10/20

Hosts

192.168.1.254 (tcp/80)

CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was :

  http://dsldevice.lan/cgi-bin/U8EV2Ixb6Oum.html

192.168.1.254 (tcp/443)

CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was :

  https://dsldevice.lan/cgi-bin/U8EV2Ixb6Oum.html

11002 (2) - DNS Server Detection

Synopsis

A DNS server is listening on the remote host.

Description

The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also

http://en.wikipedia.org/wiki/Domain_Name_System

Solution

Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor

None

Plugin Information:

Publication date: 2003/02/13, Modification date: 2013/05/07

Hosts

192.168.1.254 (tcp/53)

192.168.1.254 (udp/53)

20108 (2) - Web Server / Application favicon.ico Vendor Fingerprinting

Synopsis

The remote web server contains a graphic image that is prone to information disclosure.

Description

The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server.

Solution

Remove the 'favicon.ico' file or create a custom one for your site.

Risk Factor

None

References

XREF OSVDB:39272

Plugin Information:

Publication date: 2005/10/28, Modification date: 2013/02/06

Hosts

192.168.1.254 (tcp/80)

The MD5 fingerprint for 'favicon.ico' suggests the web server is SpeedTouch.

192.168.1.254 (tcp/443)

The MD5 fingerprint for 'favicon.ico' suggests the web server is SpeedTouch.

43111 (2) - HTTP Methods Allowed (per directory)

Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/12/10, Modification date: 2013/05/09

Hosts

192.168.1.254 (tcp/80)

Based on the response to an OPTIONS request :

  - HTTP methods GET OPTIONS POST TRACE are allowed on :

    /

192.168.1.254 (tcp/443)

Based on the response to an OPTIONS request :

  - HTTP methods GET OPTIONS POST TRACE are allowed on :

    /

10092 (1) - FTP Server Detection

Synopsis

An FTP server is listening on this port.

Description

It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution

N/A

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2013/03/08

Hosts

192.168.1.254 (tcp/21)

The remote FTP banner is :

220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.

10281 (1) - Telnet Server Detection

Synopsis

A Telnet server is listening on the remote port.

Description

The remote host is running a Telnet server, a remote terminal server.

Solution

Disable this service if you do not use it.

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2012/08/30

Hosts

192.168.1.254 (tcp/23)

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------
Username :
------------------------------ snip ------------------------------

10287 (1) - Traceroute Information

Synopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 1999/11/27, Modification date: 2013/04/11

Hosts

192.168.1.254 (udp/0)

For your information, here is the traceroute from 192.168.1.66 to 192.168.1.254 :

192.168.1.66
192.168.1.254

10622 (1) - PPTP Detection

Synopsis

A VPN server is listening on the remote port.

Description

The remote host is running a PPTP (Point-to-Point Tunneling Protocol) server. It allows users to set up a tunnel between their host and the network the remote host is attached to.

Solution

Make sure use of this software is in agreement with your organization's security policy.

Risk Factor

None

Plugin Information:

Publication date: 2001/02/28, Modification date: 2011/03/11

Hosts

192.168.1.254 (tcp/1723)

It was possible to extract the following information from the remote PPTP server :

Firmware Version : 1
Vendor Name : THOMSON
Host name : SpeedTouch

10863 (1) - SSL Certificate Information

Synopsis

This plugin displays the SSL certificate.

Description

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2008/05/19, Modification date: 2012/04/02

Hosts

192.168.1.254 (tcp/443)

Subject Name:

Common Name: Technicolor TG582n
Organization: Technicolor
Organization Unit: 1229AFD9G0

Issuer Name:

Common Name: Technicolor TG582n
Organization: Technicolor
Organization Unit: 1229AFD9G0

Serial Number: A8 B9 5A F3

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Jan 01 00:00:00 2005 GMT
Not Valid After: Dec 31 00:00:00 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits

11239 (1) - Web Server Crafted Request Vendor/Version Information Disclosure

Synopsis

The remote host is running a web server that may be leaking information.

Description

The web server running on the remote host appears to be hiding its version or name, which is a good thing. However, using a specially crafted request, Nessus was able to discover the information.

Solution

No generic solution is known. Contact your vendor for a fix or a workaround.

Risk Factor

None

Plugin Information:

Publication date: 2003/02/19, Modification date: 2011/02/27

Hosts

192.168.1.254 (tcp/8000)

After sending this request :

HELP

Nessus was able to gather the following information from the web server :

Technicolor

11936 (1) - OS Identification

Synopsis

It is possible to guess the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2003/12/09, Modification date: 2013/08/01

Hosts

192.168.1.254 (tcp/0)

Remote operating system : SCO UnixWare 7.1.1
Confidence Level : 65
Method : SinFP

The remote host is running SCO UnixWare 7.1.1

12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis

It was possible to resolve the name of the remote host.

Description

Nessus was able to resolve the FQDN of the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2004/02/11, Modification date: 2012/09/28

Hosts

192.168.1.254 (tcp/0)

192.168.1.254 resolves as dsldevice.lan.

19506 (1) - Nessus Scan Information

Synopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself :

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2005/08/26, Modification date: 2013/05/31

Hosts

192.168.1.254 (tcp/0)

Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308160915
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.66
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/16 12:47
Scan duration : 1252 sec

21643 (1) - SSL Cipher Suites Supported

Synopsis

The remote service encrypts communications using SSL.

Description

This script detects which SSL ciphers are supported by the remote service for encrypting communications.

See Also

http://www.openssl.org/docs/apps/ciphers.html

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2006/06/05, Modification date: 2013/06/13

Hosts

192.168.1.254 (tcp/443)

Here is the list of SSL ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)
    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)     Au=RSA    Enc=DES(40)     Mac=SHA1    export
      EXP-DES-CBC-SHA            Kx=RSA(512)    Au=RSA    Enc=DES(40)     Mac=SHA1    export
      EXP-RC2-CBC-MD5            Kx=RSA(512)    Au=RSA    Enc=RC2(40)     Mac=MD5     export
      EXP-RC4-MD5                Kx=RSA(512)    Au=RSA    Enc=RC4(40)     Mac=MD5     export
    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)     Au=RSA    Enc=DES(40)     Mac=SHA1    export
      EXP-DES-CBC-SHA            Kx=RSA(512)    Au=RSA    Enc=DES(40)     Mac=SHA1    export
      EXP-RC2-CBC-MD5            Kx=RSA(512)    Au=RSA    Enc=RC2(40)     Mac=MD5     export
      EXP-RC4-MD5                Kx=RSA(512)    Au=RSA    Enc=RC4(40)     Mac=MD5     export

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv3
      EDH-RSA-DES-CBC-SHA        Kx=DH          Au=RSA    Enc=DES(56)     Mac=SHA1
      DES-CBC-SHA                Kx=RSA         Au=RSA    Enc=DES(56)     Mac=SHA1
    TLSv1
      EDH-RSA-DES-CBC-SHA        Kx=DH          Au=RSA    Enc=DES(56)     Mac=SHA1
      DES-CBC-SHA                Kx=RSA         Au=RSA    Enc=DES(56)     Mac=SHA1

  High Strength Ciphers (>= 112-bit key)
    SSLv3
      EDH-RSA-DES-CBC3-SHA       Kx=DH          Au=RSA    Enc=3DES(168)   Mac=SHA1
      DES-CBC3-SHA               Kx=RSA         Au=RSA    Enc=3DES(168)   Mac=SHA1
      RC4-MD5                    Kx=RSA         Au=RSA    Enc=RC4(128)    Mac=MD5
      RC4-SHA                    Kx=RSA         Au=RSA    Enc=RC4(128)    Mac=SHA1
    TLSv1
      EDH-RSA-DES-CBC3-SHA       Kx=DH          Au=RSA    Enc=3DES(168)   Mac=SHA1
      DH [...]

25220 (1) - TCP/IP Timestamps Supported

Synopsis

The remote service implements TCP timestamps.

Description

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

See Also

http://www.ietf.org/rfc/rfc1323.txt

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/05/16, Modification date: 2011/03/20

Hosts

192.168.1.254 (tcp/0)

45410 (1) - SSL Certificate commonName Mismatch

Synopsis

The SSL certificate commonName does not match the host name.

Description

This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which the service listens.

Solution

If the machine has several names, make sure that users connect to the service through the DNS host name that matches the common name in the certificate.

Risk Factor

None

Plugin Information:

Publication date: 2010/04/03, Modification date: 2012/09/13

Hosts

192.168.1.254 (tcp/443)

The host name known by Nessus is :

  dsldevice.lan

The Common Name in the certificate is :

  technicolor tg582n

50845 (1) - OpenSSL Detection

Synopsis

The remote service appears to use OpenSSL to encrypt traffic.

Description

Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also

http://www.openssl.org

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/11/30, Modification date: 2013/08/05

Hosts

192.168.1.254 (tcp/443)

51891 (1) - SSL Session Resume Supported

Synopsis

The remote host allows resuming SSL sessions.

Description

This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/02/07, Modification date: 2013/06/15

Hosts

192.168.1.254 (tcp/443)

This port supports resuming SSLv3 sessions.

54615 (1) - Device Type

Synopsis

It is possible to guess the remote device type.

Description

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/05/23, Modification date: 2011/05/23

Hosts

192.168.1.254 (tcp/0)

Remote device type : general-purpose
Confidence level : 65

56984 (1) - SSL / TLS Versions Supported

Synopsis

The remote service encrypts communications.

Description

This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/12/01, Modification date: 2013/08/05

Hosts

192.168.1.254 (tcp/443)

This port supports SSLv3/TLSv1.0.

57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported

Synopsis

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

Description

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

See Also

http://www.openssl.org/docs/apps/ciphers.html

http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

http://en.wikipedia.org/wiki/Perfect_forward_secrecy

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2011/12/07, Modification date: 2012/04/02

Hosts

192.168.1.254 (tcp/443)

Here is the list of SSL PFS ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)
    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA    Enc=DES(40)     Mac=SHA1    export
    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA    Enc=DES(40)     Mac=SHA1    export

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv3
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA    Enc=DES(56)     Mac=SHA1
    TLSv1
      EDH-RSA-DES-CBC-SHA        Kx=DH         Au=RSA    Enc=DES(56)     Mac=SHA1

  High Strength Ciphers (>= 112-bit key)
    SSLv3
      EDH-RSA-DES-CBC3-SHA       Kx=DH         Au=RSA    Enc=3DES(168)   Mac=SHA1
    TLSv1
      EDH-RSA-DES-CBC3-SHA       Kx=DH         Au=RSA    Enc=3DES(168)   Mac=SHA1
      DHE-RSA-AES128-SHA         Kx=DH         Au=RSA    Enc=AES(128)    Mac=SHA1
      DHE-RSA-AES256-SHA         Kx=DH         Au=RSA    Enc=AES(256)    Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

58768 (1) - SSL Resume With Different Cipher Issue

Synopsis

The remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.

Description

The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2012/04/17, Modification date: 2012/04/17

Hosts

192.168.1.254 (tcp/443)

The server allowed the following session over SSLv3 to be resumed as follows :

  Session ID     : 5e33997d5571c2d86e8b687593fc6f70ca53aeb3d8ee889b0340fbe53f26f2a2
  Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  Resumed Cipher : SSL3_CK_RSA_RC4_40_MD5 (0x0003)

62563 (1) - SSL Compression Methods Supported

Synopsis

The remote service supports one or more compression methods for SSL connections.

Description

This script detects which compression methods are supported by the remote service for SSL connections.

See Also

http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml

http://tools.ietf.org/html/rfc3749

http://tools.ietf.org/html/rfc3943

http://tools.ietf.org/html/rfc5246

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2012/10/16, Modification date: 2012/10/16

Hosts

192.168.1.254 (tcp/443)

Nessus was able to confirm that the following compression method is supported by the target :

  NULL (0x00)

66334 (1) - Patch Report

Synopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor

None

Plugin Information:

Publication date: 2013/05/07, Modification date: 2013/08/14

Hosts

192.168.1.254 (tcp/0)

. You need to take the following action:

[ OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue (51892) ]

+ Action to take: Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

Hosts Summary (Executive)

192.168.1.254

Summary

Critical High Medium Low Info Total

0 0 6 4 28 38

Details

Severity Plugin Id Name

Medium (6.4) 51192 SSL Certificate Cannot Be Trusted

Medium (6.4) 57582 SSL Self-Signed Certificate

Medium (5.0) 12217 DNS Server Cache Snooping Remote Information Disclosure

Medium (4.3) 26928 SSL Weak Cipher Suites Supported

Medium (4.3) 42873 SSL Medium Strength Cipher Suites Supported

Medium (4.3) 51892 OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue

Low (3.3) 10663 DHCP Server Detection

Low (2.6) 34324 FTP Supports Clear Text Authentication

Low (2.6) 42263 Unencrypted Telnet Server

Low (2.6) 65821 SSL RC4 Cipher Suites Supported

Info 10092 FTP Server Detection

Info 10281 Telnet Server Detection

Info 10287 Traceroute Information

Info 10335 Nessus TCP scanner

Info 10386 Web Server No 404 Error Code Check

Info 10622 PPTP Detection

Info 10863 SSL Certificate Information

Info 11002 DNS Server Detection

Info 11219 Nessus SYN scanner

Info 11239 Web Server Crafted Request Vendor/Version Information Disclosure

Info 11936 OS Identification

Info 12053 Host Fully Qualified Domain Name (FQDN) Resolution

Info 19506 Nessus Scan Information

Info 20108 Web Server / Application favicon.ico Vendor Fingerprinting

Info 21643 SSL Cipher Suites Supported

Info 22964 Service Detection

Info 24260 HyperText Transfer Protocol (HTTP) Information

Info 25220 TCP/IP Timestamps Supported

Info 43111 HTTP Methods Allowed (per directory)

Info 45410 SSL Certificate commonName Mismatch

Info 50845 OpenSSL Detection

Info 51891 SSL Session Resume Supported

Info 54615 Device Type

Info 56984 SSL / TLS Versions Supported

Info 57041 SSL Perfect Forward Secrecy Cipher Suites Supported

Info 58768 SSL Resume With Different Cipher Issue

Info 62563 SSL Compression Methods Supported

Info 66334 Patch Report