As part of your Vulnerability Management project last week, you analyzed a report on a Windows system within the company network vulnerable to the MS17-010 exploit. That report was created using OpenVAS, a free vulnerability scanner designed to run on Linux operating systems (https://www.openvas.org/). Now that you’ve examined a vulnerability assessment report for a Windows machine, it’s time to see what the same tool produces from a Linux system. OpenVAS was used to scan a Linux machine on the network running the company’s database applications. This machine is using an older version of Linux because the company’s database applications are not supported with the latest Linux shared libraries. This system contains critical data and cannot be taken offline.
Your analysis of these two reports should provide you with a good understanding of the OpenVAS tool and the reports you will encounter in the workplace. The report used for this discussion limits the scope to a single host to allow you to focus on the vulnerabilities you would encounter on a Linux machine in the workplace. You will also be able to compare/contrast the vulnerabilities across the two OS platforms.
Looking ahead to Project 2’s VM Scanner Background Report (due at the end of Week 5), you will analyze the results from a commercial VM scanner. You’ll be better prepared to assess the output from the two different vulnerability scanning tools and to form the basis of your recommendation to management.
Review Report of Linux Server (OLD) and answer the following questions in your response:
1. For this Linux system, what do you recommend fixing right away? Are there dangers if the vulnerabilities and associated threats are not fixed?
2. How do you fix the problem(s) identified? Can you defer mitigation for another time? How can the problem(s) be fixed if the system cannot be taken offline?
Judy is considering asking the pen tester to rescan the company systems using the commercial tool, Nessus. The organization has an evaluation version that can be used for 30 days. After that, the company will need to purchase the tool. The cost is significant.
3. Since some machines were already scanned with OpenVAS, should you also consider scanning the same systems with Nessus? Why or why not?
4. Conduct open source research using the internet. Roughly, what is the cost to license Nessus for one year?
Scan Report
April 7, 2020
Summary
This document reports on the results of an automatic security scan. All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC". The task was "Immediate scan of IP 192.168.1.99". The scan started at Tue Apr 7 02:57:18 2020 UTC and ended at . The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview
2 Results per Host
2.1 192.168.1.99
2.1.1 High 80/tcp
2.1.2 High general/tcp
2.1.3 Medium 80/tcp
2.1.4 Medium 21/tcp
2.1.5 Medium 22/tcp
2.1.6 Medium 6667/tcp
2.1.7 Medium 5432/tcp
2.1.8 Low 80/tcp
2.1.9 Low 22/tcp
2.1.10 Low general/tcp
2 RESULTS PER HOST 2
1 Result Overview
Host High Medium Low Log False Positive
192.168.1.99 4 19 3 0 0
Total: 1 4 19 3 0 0
Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Information on overrides is included in the report. Notes are included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown.
This report contains all 26 results selected by the filtering described above. Before filtering there were 302 results.
2 Results per Host
2.1 192.168.1.99
Host scan start Tue Apr 7 02:57:38 2020 UTC Host scan end
Service (Port) Threat Level
80/tcp High
general/tcp High
80/tcp Medium
21/tcp Medium
22/tcp Medium
6667/tcp Medium
5432/tcp Medium
80/tcp Low
22/tcp Low
general/tcp Low
2.1.1 High 80/tcp
High (CVSS: 10.0) NVT: TWiki XSS and Command Execution Vulnerabilities
Summary The host is running TWiki and is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities.
Vulnerability Detection Result Installed version: 01.Feb.2003 Fixed version: 4.2.4
Impact Successful exploitation could allow execution of arbitrary script code or commands. This could let attackers steal cookie-based authentication credentials or compromise the affected application.
Solution Solution type: VendorFix Upgrade to version 4.2.4 or later.
Affected Software/OS TWiki, TWiki version prior to 4.2.4.
Vulnerability Insight The flaws are due to, – %URLPARAM{}% variable is not properly sanitized which lets attackers conduct cross-site scripting attack. – %SEARCH{}% variable is not properly sanitised before being used in an eval() call which lets the attackers execute perl code through eval injection attack.
Vulnerability Detection Method Details: TWiki XSS and Command Execution Vulnerabilities OID:1.3.6.1.4.1.25623.1.0.800320 Version used: $Revision: 12952 $
References CVE: CVE-2008-5304, CVE-2008-5305 BID:32668, 32669 Other:
URL:http://twiki.org/cgi-bin/view/Codev.SecurityAlert-CVE-2008-5304 URL:http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
High (CVSS: 7.5) NVT: phpinfo() output Reporting
Summary Many PHP installation tutorials instruct the user to create a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often left back in the webserver directory.
Vulnerability Detection Result The following files are calling the function phpinfo() which disclose potentially sensitive information: http://192.168.1.99/mutillidae/phpinfo.php http://192.168.1.99/phpinfo.php
Impact Some of the information that can be gathered from this file includes: The username of the user running the PHP process, if it is a sudo user, the IP address of the host, the web server version, the system version (Unix, Linux, Windows, …), and the root directory of the web server.
Solution Solution type: Workaround Delete the listed files or restrict access to them.
Vulnerability Detection Method Details: phpinfo() output Reporting OID:1.3.6.1.4.1.25623.1.0.11229 Version used: $Revision: 11992 $
High (CVSS: 7.5) NVT: Tiki Wiki CMS Groupware < 4.2 Multiple Unspecified Vulnerabilities
Summary Tiki Wiki CMS Groupware is prone to multiple unspecified vulnerabilities, including: – An unspecified SQL-injection vulnerability – An unspecified authentication-bypass vulnerability – An unspecified vulnerability
Vulnerability Detection Result Installed version: 1.9.5 Fixed version: 4.2
Impact Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and gain unauthorized access to the affected application. Other attacks are also possible.
Solution Solution type: VendorFix The vendor has released an advisory and fixes. Please see the references for details.
Affected Software/OS Versions prior to Tiki Wiki CMS Groupware 4.2 are vulnerable.
Vulnerability Detection Method Details: Tiki Wiki CMS Groupware < 4.2 Multiple Unspecified Vulnerabilities OID:1.3.6.1.4.1.25623.1.0.100537 Version used: $Revision: 13960 $
References CVE: CVE-2010-1135, CVE-2010-1134, CVE-2010-1133, CVE-2010-1136 BID:38608 Other:
URL:http://www.securityfocus.com/bid/38608 URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=24734 URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046 URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424 URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435 URL:http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases URL:http://info.tikiwiki.org/tiki-index.php?page=homepage
2.1.2 High general/tcp
High (CVSS: 10.0) NVT: OS End Of Life Detection
Summary OS End Of Life Detection The Operating System on the remote host has reached the end of life and should not be used anymore.
Vulnerability Detection Result The "Ubuntu" Operating System on the remote host has reached the end of life. CPE: cpe:/o:canonical:ubuntu_linux:8.04 Installed version, build or SP: 8.04 EOL date: 2013-05-09 EOL info: https://wiki.ubuntu.com/Releases
Solution Solution type: Mitigation
Vulnerability Detection Method Details: OS End Of Life Detection OID:1.3.6.1.4.1.25623.1.0.103674 Version used: $Revision: 8927 $
2.1.3 Medium 80/tcp
Medium (CVSS: 6.8) NVT: TWiki Cross-Site Request Forgery Vulnerability Sep10
Summary The host is running TWiki and is prone to Cross-Site Request Forgery vulnerability.
Vulnerability Detection Result Installed version: 01.Feb.2003 Fixed version: 4.3.2
Impact Successful exploitation will allow attacker to gain administrative privileges on the target application and can cause CSRF attack.
Solution Solution type: VendorFix Upgrade to TWiki version 4.3.2 or later.
Affected Software/OS TWiki version prior to 4.3.2
Vulnerability Insight Attack can be done by tricking an authenticated TWiki user into visiting a static HTML page on another side, where a Javascript enabled browser will send an HTTP POST request to TWiki, which in turn will process the request as the TWiki user.
Vulnerability Detection Method Details: TWiki Cross-Site Request Forgery Vulnerability – Sep10 OID:1.3.6.1.4.1.25623.1.0.801281 Version used: $Revision: 12952 $
References CVE: CVE-2009-4898 Other:
URL:http://www.openwall.com/lists/oss-security/2010/08/03/8 URL:http://www.openwall.com/lists/oss-security/2010/08/02/17
URL:http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix URL:http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
Medium (CVSS: 6.5) NVT: Tiki Wiki CMS Groupware < 17.2 SQL Injection Vulnerability
Summary In Tiki the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
Vulnerability Detection Result Installed version: 1.9.5 Fixed version: 17.2
Solution Solution type: VendorFix Upgrade to version 17.2 or later.
Affected Software/OS Tiki Wiki CMS Groupware prior to version 17.2.
Vulnerability Detection Method Checks if a vulnerable version is present on the target host. Details: Tiki Wiki CMS Groupware < 17.2 SQL Injection Vulnerability OID:1.3.6.1.4.1.25623.1.0.141885 Version used: $Revision: 13115 $
References CVE: CVE-2018-20719 Other:
URL:https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/
Medium (CVSS: 6.0) NVT: TWiki Cross-Site Request Forgery Vulnerability
Summary The host is running TWiki and is prone to Cross-Site Request Forgery Vulnerability.
Vulnerability Detection Result Installed version: 01.Feb.2003 Fixed version: 4.3.1
Impact Successful exploitation will allow attacker to gain administrative privileges on the target application and can cause CSRF attack.
Solution Solution type: VendorFix Upgrade to version 4.3.1 or later.
Affected Software/OS TWiki version prior to 4.3.1
Vulnerability Insight Remote authenticated user can create a specially crafted image tag that, when viewed by the target user, will update pages on the target system with the privileges of the target user via HTTP requests.
Vulnerability Detection Method Details: TWiki Cross-Site Request Forgery Vulnerability OID:1.3.6.1.4.1.25623.1.0.800400 Version used: $Revision: 12952 $
References CVE: CVE-2009-1339 Other:
URL:http://secunia.com/advisories/34880 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526258 URL:http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt
Medium (CVSS: 5.8) NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled
Summary Debugging functions are enabled on the remote web server. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
Vulnerability Detection Result The web server has the following HTTP methods enabled: TRACE
Impact An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution Solution type: Mitigation Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information.
Affected Software/OS Web servers with enabled TRACE and/or TRACK methods.
Vulnerability Insight It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.
Vulnerability Detection Method Details: HTTP Debugging Methods (TRACE/TRACK) Enabled OID:1.3.6.1.4.1.25623.1.0.11213 Version used: $Revision: 10828 $
References CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883 BID:9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995 Other:
URL:http://www.kb.cert.org/vuls/id/288308 URL:http://www.kb.cert.org/vuls/id/867593 URL:http://httpd.apache.org/docs/current/de/mod/core.html#traceenable URL:https://www.owasp.org/index.php/Cross_Site_Tracing
Medium (CVSS: 5.0) NVT: Tiki Wiki CMS Groupware Input Sanitation Weakness Vulnerability
Summary The host is installed with Tiki Wiki CMS Groupware and is prone to input sanitation weakness vulnerability.
Vulnerability Detection Result Installed version: 1.9.5 Fixed version: 2.2
Impact Successful exploitation could allow arbitrary code execution in the context of an affected site.
Solution Solution type: VendorFix Upgrade to version 2.2 or later.
Affected Software/OS Tiki Wiki CMS Groupware version prior to 2.2 on all running platform
Vulnerability Insight The vulnerability is due to input validation error in tiki-error.php which fails to sanitise before being returned to the user.
Vulnerability Detection Method Details: Tiki Wiki CMS Groupware Input Sanitation Weakness Vulnerability OID:1.3.6.1.4.1.25623.1.0.800315 Version used: $Revision: 14010 $
References CVE: CVE-2008-5318, CVE-2008-5319 Other:
URL:http://secunia.com/advisories/32341 URL:http://info.tikiwiki.org/tiki-read_article.php?articleId=41
Medium (CVSS: 5.0) NVT: /doc directory browsable
Summary The /doc directory is browsable. /doc shows the content of the /usr/doc directory and therefore it shows which programs and – important! – the version of the installed programs.
Vulnerability Detection Result Vulnerable url: http://192.168.1.99/doc/
Solution Solution type: Mitigation Use access restrictions for the /doc directory. If you use Apache you might use this in your access.conf:
<Directory /usr/doc>
    AllowOverride None
    order deny,allow
    deny from all
    allow from localhost
</Directory>
Vulnerability Detection Method Details: /doc directory browsable OID:1.3.6.1.4.1.25623.1.0.10056 Version used: $Revision: 14336 $
References CVE: CVE-1999-0678 BID:318
Medium (CVSS: 5.0) NVT: Tiki Wiki CMS Groupware 'fixedURLData' Local File Inclusion Vulnerability
Summary The host is installed with Tiki Wiki CMS Groupware and is prone to a local file inclusion vulnerability.
Vulnerability Detection Result Installed version: 1.9.5 Fixed version: 12.11
Impact Successful exploitation will allow an user having access to the admin backend to gain access to arbitrary files and to compromise the application.
Solution Solution type: VendorFix Upgrade to Tiki Wiki CMS Groupware version 12.11 LTS, 15.4 or later.
Affected Software/OS Tiki Wiki CMS Groupware versions: – below 12.11 LTS – 13.x, 14.x and 15.x below 15.4
Vulnerability Insight The Flaw is due to improper sanitization of input passed to the 'fixedURLData' parameter of the 'display_banner.php' script.
Vulnerability Detection Method Checks if a vulnerable version is present on the target host. Details: Tiki Wiki CMS Groupware 'fixedURLData' Local File Inclusion Vulnerability OID:1.3.6.1.4.1.25623.1.0.108064 Version used: 2019-05-10T14:24:23+0000
References CVE: CVE-2016-10143 Other:
URL:http://tiki.org/article445-Security-updates-Tiki-16-2-15-4-and-Tiki-12-11-released URL:https://sourceforge.net/p/tikiwiki/code/60308/ URL:https://tiki.org
Medium (CVSS: 4.8) NVT: Cleartext Transmission of Sensitive Information via HTTP
Summary The host / application transmits sensitive information (username, passwords) in cleartext via HTTP.
Vulnerability Detection Result The following input fields where identified (URL:input name): http://192.168.1.99/phpMyAdmin/:pma_password http://192.168.1.99/phpMyAdmin/?D=A:pma_password http://192.168.1.99/tikiwiki/tiki-install.php:pass http://192.168.1.99/twiki/bin/view/TWiki/TWikiUserAuthentication:oldpassword
Impact An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords.
Solution Solution type: Workaround Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before allowing to input sensitive data into the mentioned functions.
Affected Software/OS Hosts / applications which doesn't enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
Vulnerability Detection Method Evaluate previous collected information and check if the host / application is not enforcing the transmission of sensitive data via an encrypted SSL/TLS connection. The script is currently checking the following: – HTTP Basic Authentication (Basic Auth) – HTTP Forms (e.g. Login) with input field of type 'password' Details: Cleartext Transmission of Sensitive Information via HTTP OID:1.3.6.1.4.1.25623.1.0.108440 Version used: $Revision: 10726 $
References Other:
URL:https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
URL:https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure URL:https://cwe.mitre.org/data/definitions/319.html
Medium (CVSS: 4.3) NVT: TWiki < 6.1.0 XSS Vulnerability
Summary bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter.
Vulnerability Detection Result Installed version: 01.Feb.2003 Fixed version: 6.1.0
Solution Solution type: VendorFix Update to version 6.1.0 or later.
Affected Software/OS TWiki version 6.0.2 and probably prior.
Vulnerability Detection Method Checks if a vulnerable version is present on the target host. Details: TWiki < 6.1.0 XSS Vulnerability OID:1.3.6.1.4.1.25623.1.0.141830 Version used: 2019-03-26T08:16:24+0000
References CVE: CVE-2018-20212 Other:
URL:https://seclists.org/fulldisclosure/2019/Jan/7 URL:http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
2.1.4 Medium 21/tcp
Medium (CVSS: 6.4) NVT: Anonymous FTP Login Reporting
Summary Reports if the remote FTP Server allows anonymous logins.
Vulnerability Detection Result It was possible to login to the remote FTP service with the following anonymous account(s): anonymous:[email protected] ftp:[email protected]
Impact Based on the files accessible via this anonymous FTP login and the permissions of this account an attacker might be able to: – gain access to sensitive files – upload or delete files.
Solution Solution type: Mitigation If you do not want to share files, you should disable anonymous logins.
Vulnerability Insight A host that provides an FTP service may additionally provide Anonymous FTP access as well. Under this arrangement, users do not strictly need an account on the host. Instead the user typically enters 'anonymous' or 'ftp' when prompted for username. Although users are commonly asked to send their email address as their password, little to no verification is actually performed on the supplied data.
Vulnerability Detection Method Details: Anonymous FTP Login Reporting OID:1.3.6.1.4.1.25623.1.0.900600 Version used: $Revision: 12030 $
References Other:
URL:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0497
Medium (CVSS: 4.8) NVT: FTP Unencrypted Cleartext Login
Summary The remote host is running a FTP service that allows cleartext logins over unencrypted connections.
Vulnerability Detection Result The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s): Anonymous sessions: 331 Please specify the password. Non-anonymous sessions: 331 Please specify the password.
Impact An attacker can uncover login names and passwords by sniffing traffic to the FTP service.
Solution Solution type: Mitigation Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see the manual of the FTP service for more information.
Vulnerability Detection Method Tries to login to a non FTPS enabled FTP service without sending a 'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of the 'AUTH TLS' command. Details: FTP Unencrypted Cleartext Login OID:1.3.6.1.4.1.25623.1.0.108528 Version used: $Revision: 13611 $
2.1.5 Medium 22/tcp
Medium (CVSS: 4.3) NVT: SSH Weak Encryption Algorithms Supported
Summary The remote SSH server is configured to allow weak encryption algorithms.
Vulnerability Detection Result The following weak client-to-server encryption algorithms are supported by the remote service: 3des-cbc aes128-cbc aes192-cbc aes256-cbc arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected] The following weak server-to-client encryption algorithms are supported by the remote service: 3des-cbc aes128-cbc aes192-cbc aes256-cbc arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]
Solution Solution type: Mitigation Disable the weak encryption algorithms.
Vulnerability Insight The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and should not be used anymore. The `none` algorithm specifies that no encryption is to be done. Note that this method provides no confidentiality protection, and it is NOT RECOMMENDED to use it. A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.
Vulnerability Detection Method Check if remote ssh service supports Arcfour, none or CBC ciphers. Details: SSH Weak Encryption Algorithms Supported OID:1.3.6.1.4.1.25623.1.0.105611 Version used: $Revision: 13581 $
References Other:
URL:https://tools.ietf.org/html/rfc4253#section-6.3 URL:https://www.kb.cert.org/vuls/id/958563
2.1.6 Medium 6667/tcp
Medium (CVSS: 6.8) NVT: UnrealIRCd Authentication Spoofing Vulnerability
Summary This host is installed with UnrealIRCd and is prone to authentication spoofing vulnerability.
Vulnerability Detection Result Installed version: 3.2.8.1 Fixed version: 3.2.10.7
Impact Successful exploitation of this vulnerability will allows remote attackers to spoof certificate fingerprints and consequently log in as another user.
Solution Solution type: VendorFix Upgrade to UnrealIRCd 3.2.10.7, or 4.0.6, or later.
Affected Software/OS UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6.
Vulnerability Insight The flaw exists due to an error in the 'm_authenticate' function in 'modules/m_sasl.c' script.
Vulnerability Detection Method Checks if a vulnerable version is present on the target host. Details: UnrealIRCd Authentication Spoofing Vulnerability OID:1.3.6.1.4.1.25623.1.0.809883 Version used: $Revision: 11874 $
References CVE: CVE-2016-7144 BID:92763 Other:
URL:http://seclists.org/oss-sec/2016/q3/420 URL:http://www.openwall.com/lists/oss-security/2016/09/05/8 URL:https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766 URL:https://bugs.unrealircd.org/main_page.php
2.1.7 Medium 5432/tcp
Medium (CVSS: 5.0) NVT: SSL/TLS: Certificate Expired
Summary The remote server's SSL/TLS certificate has already expired.
Vulnerability Detection Result The certificate of the remote service expired on 2010-04-16 14:07:45. Certificate details:
subject …: 1.2.840.113549.1.9.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX
subject alternative names (SAN): None
issued by .: 1.2.840.113549.1.9.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX
serial ….: 00FAF93A4C7FB6B9CC
valid from : 2010-03-17 14:07:45 UTC
valid until: 2010-04-16 14:07:45 UTC
fingerprint (SHA-1): ED093088706603BFD5DC237399B498DA2D4D31C6
fingerprint (SHA-256): E7A7FA0D63E457C7C4A59B38B70849C6A70BDA6F830C7AF1E32DEE436DE813CC
Solution Solution type: Mitigation Replace the SSL/TLS certificate by a new one.
Vulnerability Insight This script checks expiry dates of certificates associated with SSL/TLS-enabled services on the target and reports whether any have already expired.
Vulnerability Detection Method Details: SSL/TLS: Certificate Expired OID:1.3.6.1.4.1.25623.1.0.103955 Version used: $Revision: 11103 $
Medium (CVSS: 4.3) NVT: SSL/TLS: Report Weak Cipher Suites
Summary This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported. If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure cleartext communication.
Vulnerability Detection Result 'Weak' cipher suites accepted by this service via the SSLv3 protocol: TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_RC4_128_SHA
Solution Solution type: Mitigation The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore. Please see the references for more resources supporting you with this task.
Vulnerability Insight These rules are applied for the evaluation of the cryptographic strength: – RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808). – Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000). – 1024 bit RSA authentication is considered to be insecure and therefore as weak. – Any cipher considered to be secure for only the next 10 years is considered as medium – Any other cipher is considered as strong
Vulnerability Detection Method Details: SSL/TLS: Report Weak Cipher Suites OID:1.3.6.1.4.1.25623.1.0.103440 Version used: $Revision: 11135 $
References CVE: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000 Other:
URL:https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16-1465_update_6.html URL:https://bettercrypto.org/ URL:https://mozilla.github.io/server-side-tls/ssl-config-generator/
Medium (CVSS: 4.3) NVT: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Summary It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system.
Vulnerability Detection Result In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Impact An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secure