Bug #4070
closed
Vulnerability SSL Weak Ciphers
0%
Description
openvas reports vulnerability:
Vulnerability Detection Result
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
Solution
The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.
Vulnerability Insight
These rules are applied for the evaluation of the cryptographic strength:
- Any SSL/TLS using no cipher is considered weak.
- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.
- RC4 is considered to be weak.
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong
Updated by Chris Buechler over 9 years ago
- Status changed from New to Resolved
- Target version set to 2.2
SSLv3 was disabled already in 2.2, I disabled the RC4 options a bit later in 2.2.