SSLAuditor3 Scan Report

SCAN SUMMARY

SCAN LIST

ISSUE SUMMARY

IP Address        Port
192.168.101.128   443
192.168.101.128   12321
www.gmail.com     443
www.twitter.com   443
www.yahoo.com     443
Use of Self-Signed Certificate
Vulnerable to BEAST attack
Certificate Not Trusted
Certificate Issued to a Different Entity
Deprecated SSL version 2 Supported
Weak Ciphers Supported
Vulnerable to CRIME attack
Session Resumption Not Supported
Renegotiation Vulnerability

DETAILED SCAN RESULTS


IP Address        Port    Risk Level   Score
192.168.101.128   443     High         70
Issue Summary:
Use of Self-Signed Certificate
Vulnerable to BEAST attack
Certificate Not Trusted
Certificate Issued to a Different Entity
Support for MD5 MAC

IP Address        Port    Risk Level   Score
192.168.101.128   12321   High         35
Issue Summary:
Deprecated SSL version 2 Supported
Weak Ciphers Supported
Use of Self-Signed Certificate
Vulnerable to BEAST attack
Vulnerable to CRIME attack
Certificate Not Trusted
Session Resumption Not Supported
Certificate Issued to a Different Entity
Support for MD5 MAC

IP Address        Port    Risk Level   Score
www.gmail.com     443     Low          96
Issue Summary:
Certificate Issued to a Different Entity
Support for MD5 MAC

IP Address        Port    Risk Level   Score
www.twitter.com   443     Low          94
Issue Summary:
Session Resumption Not Supported
Support for MD5 MAC

IP Address        Port    Risk Level   Score
www.yahoo.com     443     Medium       73
Issue Summary:
Renegotiation Vulnerability
Vulnerable to BEAST attack
Vulnerable to CRIME attack
Session Resumption Not Supported
Support for MD5 MAC

MITIGATION PROCEDURE

Use of Self-Signed Certificate
Rating: High - CVSS: 4.20
Description:
The web server presents a self-signed SSL certificate. Because no trusted certification authority vouches for it, every client sees a warning, and users who are trained to click through such warnings will just as readily accept a rogue certificate presented during a man-in-the-middle (MITM) attack against the host; the certificate therefore offers no real protection against an active attacker. A self-signed certificate also cannot be revoked through a certificate revocation list or OCSP, because there is no issuing authority to publish one, so a compromise of its private key cannot be signalled to clients.
Recommendation:
Replace it with a certificate issued by a certification authority that the intended clients already trust. For hosts reachable only inside the organisation, an internal CA whose root certificate is deployed to every client is acceptable; the requirement is that clients can validate the chain without user intervention.
References:
N/A
Vulnerable to BEAST attack
Rating: Medium - CVSS: 3.40
Description:
The SSL service may be vulnerable to the BEAST attack: it offers neither TLS 1.1 nor TLS 1.2, and its preferred cipher suites use a block cipher in CBC mode.
BEAST (CVE-2011-3389) exploits the predictable initialisation vectors used for CBC-mode block ciphers in SSL 3.0 and TLS 1.0. An attacker who can observe the connection and cause the victim's browser to send chosen plaintext (for example from a malicious page) can recover encrypted HTTP headers such as session cookies byte by byte. Stream ciphers do not use chained IVs and are not affected by this particular attack.
Recommendation:
Enable TLS 1.1 and TLS 1.2 (or later) and, where the client base allows it, disable SSL 3.0 and TLS 1.0; TLS 1.1 and later use an explicit per-record IV, which removes the weakness BEAST exploits. Check client compatibility before removing the older protocols. The historical workaround of preferring the RC4 stream cipher over CBC suites is no longer acceptable: RC4 has well-known keystream biases and is prohibited for TLS by RFC 7465, so it must not be used even as a temporary measure. Where TLS 1.0 has to remain enabled, rely on the client-side mitigation (1/n-1 record splitting, implemented by all current browsers) rather than on RC4.
References:
http://www.phonefactor.com/resources/CipherSuiteMitigationForBeast.pdf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://www.kb.cert.org/vuls/id/864643
Certificate Not Trusted
Rating: Medium - CVSS: 3.20
Description:
The certificate chain presented by the service does not lead to a root certificate in the scanner's trust store. Typical causes are a self-signed certificate, a certificate issued by an internal or otherwise unknown CA, or a server that omits the intermediate CA certificates so that clients cannot build the chain.
Recommendation:
If the service is reachable from outside the organisation, obtain the certificate from a publicly trusted Certification Authority (CA) and configure the server to send the complete intermediate chain. For internal services an internal CA is acceptable, provided its root certificate is deployed to every client that connects.
References:
N/A
Certificate Issued to a Different Entity
Rating: Low - CVSS: 2.40
Description:
The name the scanner connected to does not match the names in the certificate: it is neither one of the DNS names in the Subject Alternative Name (SAN) extension nor, for certificates without that extension, the subject Common Name. Clients that validate names correctly will refuse the connection or warn the user.
Recommendation:
Issue a certificate whose "Subject Alternative Name" extension lists every DNS name (and IP address, if clients connect by address) under which the service is reached. Do not rely on the Common Name alone; modern browsers no longer fall back to it when checking names.
References:
N/A
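The three certificate findings above (Use of Self-Signed Certificate, Certificate Not Trusted, Certificate Issued to a Different Entity) can be re-checked without the scanner. The following is an added example, not part of the SSLAuditor report or tool: it works on the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns, applies the RFC 6125 name-matching rules (SAN first, Common Name only as a legacy fallback, a wildcard only as the whole left-most label), flags a certificate whose issuer equals its subject as self-signed, and reports "Certificate Not Trusted" with OpenSSL's reason when a live chain cannot be validated. The function names and the two sample certificates are assumptions of this example; the sample certificates are constructed and do not belong to the scanned hosts.

```python
import socket
import ssl
import time

# Constructed sample certificates in the shape returned by ssl.SSLSocket.getpeercert().
# They are illustrative only, not the certificates of the hosts in this report.
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "192.168.101.128"),),),
    "issuer": ((("commonName", "192.168.101.128"),),),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Jan  1 00:00:00 2013 GMT",
}
SAN_CERT = {
    "subject": ((("commonName", "mail.example.net"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),)),
    "subjectAltName": (("DNS", "mail.example.net"), ("DNS", "*.example.net")),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Jan  1 00:00:00 2099 GMT",
}


def _dn_to_dict(dn):
    """Flatten getpeercert()'s nested RDN tuples into {attribute: value}."""
    return {attr: value for rdn in dn for attr, value in rdn}


def is_self_signed(cert):
    """Heuristic used by scanners: issuer DN equals subject DN. A complete check
    would also verify the signature with the certificate's own public key."""
    return _dn_to_dict(cert["subject"]) == _dn_to_dict(cert["issuer"])


def _match_dns_name(pattern, hostname):
    """RFC 6125 style comparison: case-insensitive; '*' accepted only as the entire
    left-most label, never spanning a dot and never matching the bare domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """True when the certificate covers hostname. With a SAN extension present only
    the DNS SANs count; the Common Name is consulted only for legacy certificates
    that carry no SAN at all."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return any(_match_dns_name(p, hostname) for p in sans)
    cn = _dn_to_dict(cert["subject"]).get("commonName")
    return bool(cn) and _match_dns_name(cn, hostname)


def audit_certificate(cert, hostname, now=None):
    """Return the report's finding names that apply to a parsed certificate."""
    findings = []
    if is_self_signed(cert):
        findings.append("Use of Self-Signed Certificate")
    if not hostname_matches(cert, hostname):
        findings.append("Certificate Issued to a Different Entity")
    now = time.time() if now is None else now
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("Certificate Expired")
    return findings


def check_live(host, port=443, timeout=5.0):
    """Connect with the system trust store. A chain that validates yields a parsed
    certificate for audit_certificate(); a chain that does not validate is reported
    as 'Certificate Not Trusted' together with OpenSSL's verification reason.
    Name checking is done by hostname_matches() so that a mismatch is reported as
    its own finding instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return audit_certificate(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return ["Certificate Not Trusted (%s)" % exc.verify_message]


if __name__ == "__main__":
    print(audit_certificate(SELF_SIGNED_CERT, "localhost"))
    print(audit_certificate(SAN_CERT, "www.example.net"))
```

Note that getpeercert() only returns the parsed dictionary for a chain that validated; for a self-signed or otherwise untrusted certificate the live path therefore reports the verification failure rather than the individual certificate findings.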
Deprecated SSL version 2 Supported
Rating: High - CVSS: 4.20
Description:
The service supports Secure Sockets Layer protocol 2.0 (SSLv2). SSLv2 has been deprecated for many years and is prohibited outright by RFC 6176 (2011) because of several design flaws that allow an attacker to monitor or tamper with data exchanged between the affected host and its clients.
These flaws include:
- No protection against man-in-the-middle (MiTM) attacks during the handshake.
- Weak MAC construction and MAC relying solely on the MD5 hash function.
- Exportable cipher suites unnecessarily weaken the MACs.
- Same cryptographic keys used for message authentication and encryption.
- Vulnerable to truncation attacks by forged TCP FIN packets.
Recommendation:
Configure the server to refuse SSLv2 entirely. SSL 3.0 should be disabled as well: it was deprecated by RFC 7568 after the POODLE attack, so the older advice to keep SSLv3 enabled is out of date. Offer only TLS 1.0 or later, preferably TLS 1.2 or later.
Apache:
Edit the Apache configuration file and change the SSLProtocol line to read:
SSLProtocol all -SSLv2 -SSLv3
References:
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://support.microsoft.com/kb/187498
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
Weak Ciphers Supported
Rating: High - CVSS: 4.20
Description:
The server accepts weak cipher suites for establishing the secure connection. Suites whose effective key length is 56 bits or less (single DES and the export-grade RC4 and RC2 suites) are considered weak and must not be used, as they give insufficient protection against brute-force attack.
A server normally offers several cipher suites of varying strength, and the one actually used is negotiated during the handshake. An attacker positioned between the server and a client may be able to interfere with that negotiation and force a weaker suite than would otherwise be chosen (a "cipher downgrade"), which in turn makes it easier to monitor or tamper with the traffic. The scanner determined the supported suites by attempting a handshake with each candidate suite in turn and recording every suite with which the handshake succeeded.
Recommendation:
Restrict the server to strong cipher suites and enable SSLHonorCipherOrder so that the server's preference order, not the client's, decides the suite. The older PCI-era recommendation of HIGH:MEDIUM is no longer sufficient, because MEDIUM still admits RC4 and 3DES.
Apache:
Edit the Apache configuration file and change the SSLCipherSuite line to read:
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
References:
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://support.microsoft.com/kb/245030
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
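The rules behind the SSLv2, BEAST and weak-cipher findings can be applied to a candidate SSLCipherSuite value before it is deployed. The following is an added example, not code from the SSLAuditor report or tool: weak_reasons() classifies a suite by the criteria the mitigation text describes (key length of 56 bits or less, export grade, NULL encryption, anonymous key exchange, MD5 MAC, RC4, 3DES, SSLv2 suites), beast_exposed() applies the report's BEAST rule (no TLS 1.1+ and a CBC-mode suite preferred), and ciphers_for_spec() expands an OpenSSL cipher string with the local OpenSSL build so the classifier can be run over it. The function names and the SAMPLE_CIPHERS list are assumptions of this example; the sample entries are constructed in the shape of ssl.SSLContext.get_ciphers() and are not scan output.

```python
import ssl

# Constructed sample suites in the shape of ssl.SSLContext.get_ciphers(), reduced to
# the keys this checker reads. "protocol" is the lowest protocol the suite works
# with, which is why most pre-TLS 1.2 suites show "SSLv3". Not scan output.
SAMPLE_CIPHERS = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "AES256-SHA", "protocol": "SSLv3", "strength_bits": 256},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "RC4-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "NULL-MD5", "protocol": "SSLv3", "strength_bits": 0},
    {"name": "ADH-AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
]

MODERN_PROTOCOLS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}


def weak_reasons(cipher):
    """Reasons a suite is considered weak. Matching on the OpenSSL suite name mirrors
    the meaning of the cipher-string keywords (EXP, NULL, aNULL, MD5, RC4, 3DES)."""
    name = cipher["name"].upper()
    reasons = []
    if cipher.get("protocol") == "SSLv2":
        reasons.append("SSLv2 suite")
    if cipher.get("strength_bits", 0) <= 56:
        reasons.append("key length <= 56 bits")
    if name.startswith("EXP"):
        reasons.append("export grade")
    if "NULL" in name:
        reasons.append("no encryption")
    if name.startswith(("ADH-", "AECDH-")):
        reasons.append("anonymous key exchange (no server authentication)")
    if "MD5" in name:
        reasons.append("MD5 MAC")
    if "RC4" in name:
        reasons.append("RC4 (prohibited by RFC 7465)")
    if "DES-CBC3" in name or "3DES" in name:
        reasons.append("3DES (64-bit block)")
    return reasons


def audit_ciphers(ciphers):
    """Return {suite name: [reasons]} for every weak suite in a get_ciphers() list."""
    return {c["name"]: weak_reasons(c) for c in ciphers if weak_reasons(c)}


def is_cbc_suite(name):
    """A block cipher in CBC mode: a block-cipher suite that is not AEAD (GCM/CCM),
    not ChaCha20 and not a stream or NULL suite. Pre-TLS 1.2 names omit 'CBC'."""
    n = name.upper()
    if any(tag in n for tag in ("GCM", "CCM", "CHACHA", "RC4", "NULL")):
        return False
    return any(tag in n for tag in ("AES", "CAMELLIA", "DES", "SEED", "IDEA"))


def beast_exposed(server_protocols, preferred_cipher):
    """The report's BEAST rule: the server offers no TLS 1.1 or later and its
    preferred suite for SSL 3.0 / TLS 1.0 is a CBC-mode block cipher."""
    return not (set(server_protocols) & MODERN_PROTOCOLS) and is_cbc_suite(preferred_cipher)


def ciphers_for_spec(spec):
    """Expand an OpenSSL cipher string (e.g. an Apache SSLCipherSuite value) with the
    local OpenSSL build and return the enabled suites in priority order. Raises
    ssl.SSLError when nothing matches. TLS 1.3 suites are listed regardless of
    the string, since OpenSSL configures them separately."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return ctx.get_ciphers()


if __name__ == "__main__":
    # Compare the report's old recommendation with the hardened string; the weak
    # suites that appear depend on how the local OpenSSL was built.
    for spec in ("HIGH:MEDIUM", "HIGH:!aNULL:!MD5:!RC4:!3DES"):
        try:
            print(spec, "->", audit_ciphers(ciphers_for_spec(spec)))
        except ssl.SSLError as exc:
            print(spec, "-> not accepted by this OpenSSL:", exc)
```

Because ciphers_for_spec() reflects the local OpenSSL rather than the server's, use it to vet a configuration string; confirming what a server really negotiates still needs a handshake against that server, as the scanner does.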
Vulnerable to CRIME attack
Rating: Medium - CVSS: 3.40
Description:
The SSL service accepts TLS-level (DEFLATE) compression and is therefore exposed to the CRIME attack (CVE-2012-4929): an attacker who can observe the encrypted traffic and cause the victim's browser to send requests containing attacker-chosen data can recover secrets such as session cookies from the way the compressed record length changes with each guess.
Recommendation:
Disable TLS compression on the server (Apache: SSLCompression off; applications built on OpenSSL: the SSL_OP_NO_COMPRESSION option). Current browsers no longer offer TLS compression, so disabling it carries no compatibility cost.
References:
N/A
Session Resumption Not Supported
Rating: Low - CVSS: 2.40
Description:
The SSL service does not resume SSL/TLS sessions: every new connection from the same client performs a full handshake instead of the abbreviated one.
Recommendation:
Enable session resumption (session IDs backed by a server-side session cache, or session tickets) to reduce handshake cost and latency; this is a performance finding rather than a direct security weakness. If session tickets are used, protect the ticket key like a private key and rotate it regularly, because anyone holding it can decrypt every session it resumed.
References:
http://www.linuxjournal.com/article/5487
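The CRIME and session-resumption findings above can be re-checked with Python's ssl module. The following is an added example, not part of the SSLAuditor report or tool: probe() opens two connections to a host, recording the negotiated protocol, suite and TLS-level compression on the first and whether the server resumed that session on the second, and analyze() maps such a result onto the finding names used in this report. The function names and the SAMPLE_* results are assumptions of this example; the sample results are constructed and are not observations of the scanned hosts. One caveat a practitioner needs: Python disables TLS compression by default and the probe re-enables it, but if the local OpenSSL was built without zlib (the default since OpenSSL 1.1.0) the client cannot offer compression at all and compression() will be None even against a server that would accept it.

```python
import socket
import ssl

# Constructed probe results in the shape probe() returns, used to exercise
# analyze() offline. They are not observations of the hosts in this report.
SAMPLE_LEGACY = {"version": "TLSv1", "cipher": "AES256-SHA",
                 "compression": "zlib compression", "session_reused": False}
SAMPLE_MODERN = {"version": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
                 "compression": None, "session_reused": True}


def legacy_client_context():
    """A client context able to talk to the kind of server this report describes:
    no certificate validation (the hosts use untrusted certificates), every
    protocol version the local OpenSSL still supports, security level 0 so old
    suites are offered, and TLS compression offered. Probing only; never reuse
    this context for real traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except ssl.SSLError:  # builds without security levels (e.g. LibreSSL)
        ctx.set_ciphers("ALL")
    ctx.options &= ~ssl.OP_NO_COMPRESSION  # Python sets OP_NO_COMPRESSION by default
    return ctx


def probe(host, port=443, timeout=5.0):
    """Connect twice: record what the first handshake negotiated, then offer that
    session on a second connection and record whether the server resumed it."""
    ctx = legacy_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as first:
            # TLS 1.3 servers send the resumption ticket after the handshake, so
            # exchange some application data before closing when probing them.
            result = {"version": first.version(), "cipher": first.cipher()[0],
                      "compression": first.compression()}
            session = first.session
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host, session=session) as second:
            result["session_reused"] = second.session_reused
    return result


def analyze(result):
    """Map a probe result onto the finding names used in this report. The
    negotiated version is the highest the server supports among those offered,
    so SSLv3 or TLSv1 here means the server has no TLS 1.1 or later."""
    findings = []
    if result["compression"]:
        findings.append("Vulnerable to CRIME attack")
    if not result["session_reused"]:
        findings.append("Session Resumption Not Supported")
    if result["version"] in ("SSLv3", "TLSv1"):
        findings.append("No support for TLS 1.1 or later (BEAST precondition)")
    return findings


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(analyze(probe(host, port)))
```

A session_reused value of False can also mean the server resumed sessions only by ticket and the ticket had not arrived before the first connection closed (the TLS 1.3 case noted in the code); confirm against a second probe that reads a response first before recording the finding.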
Renegotiation Vulnerability
Rating: Medium - CVSS: 3.20
Description:
The remote service (web server or SSL VPN device) permits insecure SSL/TLS renegotiation, i.e. renegotiation that is not cryptographically bound to the initial handshake (CVE-2009-3555).
An unauthenticated remote attacker can exploit this to inject an arbitrary amount of plaintext at the beginning of a victim's application protocol stream: the attacker opens the connection, sends data, and then splices the victim's legitimate handshake in as a renegotiation. This facilitates man-in-the-middle attacks wherever the service treats the sessions before and after renegotiation as belonging to the same client and merges them at the application layer, as HTTP servers do.
Recommendation:
Update the TLS implementation to a version that supports the secure renegotiation extension of RFC 5746 (OpenSSL 0.9.8m or later; for SSL VPN and UTM appliances, the vendor's firmware update), and configure the server to reject renegotiation from clients that do not support the extension. If renegotiation is not needed by the application, disable it entirely.
References:
http://osvdb.org/show/osvdb/73894
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
http://www.securityfocus.com/bid/48626/info
http://www.phonefactor.com/sslgap/ssl-tls-authentication-patches


Report generated by SSLAuditor version 3.0.