Professional Documents
Culture Documents
On
se
lU
Lotusdew
Report generated by Nessus™ Mon, 09 Oct 2023 19:01:44 India Standard Time
ia
r Tr
Fo
TABLE OF CONTENTS
Vulnerabilities by Host
• 10.13.100.100............................................................................................................................................................. 4
• 10.13.100.101...........................................................................................................................................................22
• 10.13.100.102...........................................................................................................................................................30
• 10.13.100.103...........................................................................................................................................................98
ly
• 10.13.100.104.........................................................................................................................................................200
• 10.13.100.105.........................................................................................................................................................255
On
• 10.13.100.106.........................................................................................................................................................274
• 10.13.100.110.........................................................................................................................................................315
• 10.13.100.111.........................................................................................................................................................372
•
•
se
10.13.100.115.........................................................................................................................................................411
10.13.100.116.........................................................................................................................................................452
lU
• 10.13.100.118.........................................................................................................................................................698
• 10.13.100.119.........................................................................................................................................................746
• 10.13.100.120.........................................................................................................................................................807
ia
• 10.13.100.125.........................................................................................................................................................815
• 10.13.100.126.........................................................................................................................................................870
Tr
• 10.13.100.131.........................................................................................................................................................875
• 10.13.100.137.........................................................................................................................................................924
• 10.13.100.139.........................................................................................................................................................928
r
• 10.13.100.140.........................................................................................................................................................994
Fo
• 10.13.100.144.......................................................................................................................................................1027
• 10.13.100.147.......................................................................................................................................................1055
• 10.13.100.151.......................................................................................................................................................1155
• 10.13.100.154.......................................................................................................................................................1195
• 10.13.100.159.......................................................................................................................................................1200
• 10.13.100.254.......................................................................................................................................................1241
ly
On
se
lU
Vulnerabilities by Host
ria
rT
Fo
10.13.100.100
0 1 1 0 12
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.100
ly
MAC Address: 18:FD:74:E0:D3:0E 18:FD:74:E0:D3:0F 18:FD:74:E0:D3:10 18:FD:74:E0:D3:11
18:FD:74:E0:D3:12 18:FD:74:E0:D3:13 18:FD:74:E0:D3:14 18:FD:74:E0:D3:15
18:FD:74:E0:D3:16 18:FD:74:E0:D3:17
On
Vulnerabilities
41028 - SNMP Agent Default Community Name (public)
Synopsis se
The community name of the remote SNMP server can be guessed.
lU
Description
It is possible to obtain the default community name of the remote SNMP server.
ia
An attacker may use this information to gain more knowledge about the remote host, or to change the
configuration of the remote system (if the default community allows such modifications).
Tr
Solution
Disable the SNMP service on the remote host if you do not use it.
Either filter incoming UDP packets going to this port, or change the default community string.
r
Risk Factor
Fo
High
VPR Score
5.9
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
10.13.100.100 4
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 2112
CVE CVE-1999-0517
Plugin Information
Plugin Output
udp/161/snmp
public
10.13.100.100 5
76474 - SNMP 'GETBULK' Reflection DDoS
Synopsis
The remote SNMP daemon is affected by a vulnerability that allows a reflected distributed denial of service
attack.
Description
The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger
than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected
distributed denial of service attack on an arbitrary remote host.
See Also
http://www.nessus.org/u?8b551b5c
Solution
Disable the SNMP service on the remote host if you do not use it.
Otherwise, restrict and monitor access to this service, and consider changing the default 'public'
community string.
Risk Factor
Medium
VPR Score
3.6
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2008-4309
Plugin Information
Plugin Output
10.13.100.100 6
udp/161/snmp
Nessus was able to determine the SNMP service can be abused in an SNMP
Reflection DDoS attack :
10.13.100.100 7
35716 - Ethernet Card Manufacturer Detection
Synopsis
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are
registered by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
18:FD:74:E0:D3:0E : Routerboard.com
18:FD:74:E0:D3:0F : Routerboard.com
18:FD:74:E0:D3:10 : Routerboard.com
18:FD:74:E0:D3:11 : Routerboard.com
18:FD:74:E0:D3:12 : Routerboard.com
18:FD:74:E0:D3:13 : Routerboard.com
18:FD:74:E0:D3:14 : Routerboard.com
18:FD:74:E0:D3:15 : Routerboard.com
18:FD:74:E0:D3:16 : Routerboard.com
18:FD:74:E0:D3:17 : Routerboard.com
10.13.100.100 8
86420 - Ethernet MAC Addresses
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and
Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single,
unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.100 9
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Location: /index.html
Content-Type: text/html
Response Body :
10.13.100.100 10
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.100 11
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.100 12
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:36 India Standard Time
Scan duration : 658 sec
Scan for malware : no
10.13.100.100 13
50350 - OS Identification Failed
Synopsis
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or
more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to
use them to identify the overall system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
os-signatures@nessus.org
10.13.100.100 14
35296 - SNMP Protocol Version Detection
Synopsis
This plugin reports the protocol version negotiated with the remote SNMP agent.
Description
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP
agent.
See Also
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to
this port.
Risk Factor
None
Plugin Information
Plugin Output
udp/161/snmp
10.13.100.100 15
10800 - SNMP Query System Information Disclosure
Synopsis
The System Information of the remote host can be obtained via SNMP.
Description
It is possible to obtain the system information about the remote host by sending SNMP requests with the
OID 1.3.6.1.2.1.1.1.
An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to
this port.
Risk Factor
None
Plugin Information
Plugin Output
udp/161/snmp
System information :
sysDescr : CSS610-8G-2S+ SwOS v2.14
sysObjectID : 1.3.6.1.4.1.14988.2
sysUptime : 0d 14h 8m 50s
sysContact :
sysName : MikroTik
sysLocation :
sysServices : 2
10.13.100.100 16
10551 - SNMP Request Network Interfaces Enumeration
Synopsis
The list of network interfaces cards of the remote host can be obtained via SNMP.
Description
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP
requests with the OID 1.3.6.1.2.1.2.1.0
An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to
this port.
Risk Factor
None
Plugin Information
Plugin Output
udp/161/snmp
Interface 1 information :
ifIndex : 1
ifDescr : Port1
ifPhysAddress : 18fd74e0d30e
Interface 2 information :
ifIndex : 2
ifDescr : Port2
ifPhysAddress : 18fd74e0d30f
Interface 3 information :
ifIndex : 3
ifDescr : Port3
ifPhysAddress : 18fd74e0d310
Interface 4 information :
ifIndex : 4
ifDescr : Port4
ifPhysAddress : 18fd74e0d311
Interface 5 information :
ifIndex : 5
10.13.100.100 17
ifDescr : Port5
ifPhysAddress : 18fd74e0d312
Interface 6 information :
ifIndex : 6
ifDescr : Port6
ifPhysAddress : 18fd74e0d313
Interface 7 information :
ifIndex : 7
ifDescr : Port7
ifPhysAddress : 18fd74e0d314
Interface 8 information :
ifIndex : 8
ifDescr : Port8
ifPhysAddress : 18fd74e0d315
Interface 9 information :
ifIndex : 9
ifDescr : SFP1
ifPhysAddress : 18fd74e0d316
Interface 10 information :
ifIndex : 10
ifDescr : SFP2
ifPhysAddress : 18fd74e0d317
10.13.100.100 18
40448 - SNMP Supported Protocols Detection
Synopsis
This plugin reports all the protocol versions successfully negotiated with the remote SNMP agent.
Description
Extend the SNMP settings data already gathered by testing for\ SNMP versions other than the highest
negotiated.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/161/snmp
10.13.100.100 19
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.100 20
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.100 21
10.13.100.101
0 0 0 0 6
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.101
ly
Vulnerabilities
On
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
se
lU
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
ia
Solution
Tr
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
r
Fo
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
10.13.100.101 22
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is -8305 seconds.
10.13.100.101 23
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5005
10.13.100.101 24
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.101 25
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:36 India Standard Time
Scan duration : 272 sec
Scan for malware : no
10.13.100.101 26
50350 - OS Identification Failed
Synopsis
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or
more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to
use them to identify the overall system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
os-signatures@nessus.org
SinFP:!:
P1:B10113:F0x12:W5840:O0204ffff:M1460:
P2:B10113:F0x12:W5792:O0204ffff0402080affffffff4445414401030301:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=5005
10.13.100.101 27
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.101 28
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.101 29
10.13.100.102
1 2 10 1 35
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.102
ly
OS: Dell iDRAC Controller, KYOCERA Printer, Linux Kernel 2.6
On
Vulnerabilities
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
se
The remote service encrypts traffic using a protocol with known weaknesses.
lU
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications
Tr
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so
that these versions will be used only if the client or server support nothing better), many web browsers
implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE).
Therefore, it is recommended that these protocols be disabled entirely.
r
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
Fo
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
10.13.100.102 30
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
https://tools.ietf.org/html/rfc7568
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.102 31
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 32
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak
hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable
to collision attacks. An attacker can exploit this to generate another certificate with the same digital
signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.1
10.13.100.102 33
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 34
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that
uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
10.13.100.102 35
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 36
50686 - IP Forwarding Enabled
Synopsis
Description
The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host
and potentially bypass some firewalls / routers / NAC filtering.
Unless the remote host is a router, it is recommended that you disable IP forwarding.
Solution
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
sysctl -w net.inet.ip.forwarding=0
Risk Factor
Medium
6.5 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
VPR Score
4.0
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
References
CVE CVE-1999-0511
Plugin Information
10.13.100.102 37
Published: 2010/11/23, Modified: 2021/12/29
Plugin Output
tcp/0
10.13.100.102 38
136929 - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server
is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Risk Factor
Medium
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.7
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
10.13.100.102 39
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.102/js/libs/jquery.min.js
Installed version : 1.10.0
Fixed version : 3.5.0
10.13.100.102 40
136929 - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server
is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Risk Factor
Medium
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.7
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
10.13.100.102 41
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.102/js/libs/jquery.min.js
Installed version : 1.10.0
Fixed version : 3.5.0
10.13.100.102 42
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.102 43
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 44
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of
small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
https://www.rc4nomore.com/
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with
AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
10.13.100.102 45
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/443/www
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 46
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 47
26928 - SSL Weak Cipher Suites Supported
Synopsis
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.nessus.org/u?6527892d
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.13.100.102 48
tcp/443/www
Here is the list of weak SSL ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 49
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.102 50
tcp/443/www
10.13.100.102 51
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 52
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.102 53
42263 - Unencrypted Telnet Server
Synopsis
Description
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are
transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session
to obtain credentials or other sensitive information and to modify traffic exchanged between a client and
server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional
data streams such as an X11 session.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/23/telnet
Nessus collected the following banner from the remote Telnet server :
10.13.100.102 54
69551 - SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Synopsis
The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.
Description
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits.
According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued
after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally,
some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to
December 31, 2010, as the standard considers them exempt.
See Also
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
Solution
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and
reissue any certificates signed by the old certificate.
Risk Factor
Low
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 55
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.102 56
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 57
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
Web Switch
10.13.100.102 58
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
Web Switch
10.13.100.102 59
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
10.13.100.102 60
<link type="text/css" href="themes/steel_gray/css/layout.css" rel="stylesheet" />
<link type="text/css" href="themes/steel_gray/css/style.css" rel="stylesheet" />
<!--[if lte IE 8]>
<link type="text/css" href="themes/steel_gray/css/ie.css" rel="stylesheet" type="text/css" />
<![endif]-->
<title>Loading...</title>
<noscript>
<meta http-equiv="refresh" content="0; url=error.html"/>
</noscript>
</head>
<body>
<div id="index-view-container" widget="htmlLoader" class="body-wrap">
<div id="module-container"></div>
</div>
<script type="text/javascript" src="js/libs/jquery.min.js"></script>
<script type="text/javascript" src="js/libs/jquery.cookie.min.js"></script>
<!--<script type="text/javascript" src="js/libs/echarts.min.js"></script>-->
<script type="text/javascript" src="js/libs/jquery.nicescroll.min.js"></script>
<script type="text/javascript" src="js/libs/interactions.min.js"></script>
<script type="text/javascript" src="js/su/su.js"></script>
<script type="text/javascript" src="js/su/services.js"></script>
<script type="text/javascript" src="js/su/data.js"></script>
<script type="text/javascript" src="js/su/widgets.js"></script>
<script type="text/javascript" src="js/su/managers.js"></script [...]
10.13.100.102 61
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
10.13.100.102 62
<!--[if lte IE 8]>
<link type="text/css" href="themes/steel_gray/css/ie.css" rel="stylesheet" type="text/css" />
<![endif]-->
<title>Loading...</title>
<noscript>
<meta http-equiv="refresh" content="0; url=error.html"/>
</noscript>
</head>
<body>
<div id="index-view-container" widget="htmlLoader" class="body-wrap">
<div id="module-container"></div>
</div>
<script type="text/javascript" src="js/libs/jquery.min.js"></script>
<script type="text/javascript" src="js/libs/jquery.cookie.min.js"></script>
<!--<script type="text/javascript" src="js/libs/echarts.min.js"></script>-->
<script type="text/javascript" src="js/libs/jquery.nicescroll.min.js"></script>
<script type="text/javascript" src="js/libs/interactions.min.js"></script>
<script type="text/javascript" src="js/su/su.js"></script>
<script type="text/javascript" src="js/su/services.js"></script>
<script type="text/javascript" src="js/su/data.js"></script>
<script type="text/javascript" src="js/su/widgets.js"></script>
<script type="text/javascript" src="js/su/managers.js"></script>
<script type="text/javascri [...]
10.13.100.102 63
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 24453 seconds.
10.13.100.102 64
106658 - JQuery Detection
Synopsis
Description
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.102/js/libs/jquery.min.js
Version : 1.10.0
10.13.100.102 65
106658 - JQuery Detection
Synopsis
Description
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.102/js/libs/jquery.min.js
Version : 1.10.0
10.13.100.102 66
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
10.13.100.102 67
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.102 68
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.102 69
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 70
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.102 71
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:36 India Standard Time
Scan duration : 1174 sec
Scan for malware : no
10.13.100.102 72
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.102 73
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 74
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 75
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Country: CN
State/Province: Guangdong
Locality: Shenzhen
Organization: TP-LINK Technologies CO., LTD.
Common Name: TP-LINK CA
Email Address: service@tp-link.com.cn
Issuer Name:
Country: CN
State/Province: Guangdong
Locality: Shenzhen
Organization: TP-LINK Technologies CO., LTD.
Common Name: TP-LINK CA
Email Address: service@tp-link.com.cn
Serial Number: 00 B4 2B AF 33 A3 1C 01 F9
Version: 3
10.13.100.102 76
72 03 76 FD BE 15 EA 1B 6E E5 21 99 86 54 D8 CB E2 C1 98 80
4E 3B 4F 9B 62 C7 45 0A 79 1D A5 EA DF B6 D3 62 9B 61 77 1A
EA 3E BF A4 64 01 86 16 0D E8 29 43 7B BC 8E FA F8 A0 04 F1
42 C2 8F F7 90 F1 C1 47 07 25 FF BE F5 43 3F 55 2E 5B 64 6D
4F 3D E5 E8 7A 3A 85 84 27 DF E8 2C D0 67 81 BE 2D D8 85 45
DC 7D 94 76 6D 8D AF B7 FD
Exponent: 01 00 01
Fingerprints :
10.13.100.102 77
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.102 78
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 79
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.102 80
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
RC4-MD5 0x00, 0x04 RSA RSA RC4(128) MD5
RC4-SHA 0x00, 0x05 RSA RSA RC4(128)
SHA1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.102 81
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.102 82
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 83
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 84
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.102 85
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.102 86
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
10.13.100.102 87
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.102 88
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.102 89
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.102 90
91459 - SolarWinds Server & Application Monitor (SAM) Detection
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution,
is running on the remote host.
See Also
https://www.solarwinds.com/server-application-monitor
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.102/
Version : unknown
10.13.100.102 91
91459 - SolarWinds Server & Application Monitor (SAM) Detection
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution,
is running on the remote host.
See Also
https://www.solarwinds.com/server-application-monitor
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.102/
Version : unknown
10.13.100.102 92
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.102 93
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 94
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.102 95
10281 - Telnet Server Detection
Synopsis
Description
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.102 96
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.102 97
10.13.100.103
1 1 6 1 74
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.103
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
se
The remote service encrypts traffic using a protocol with known weaknesses.
lU
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications
Tr
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so
that these versions will be used only if the client or server support nothing better), many web browsers
implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE).
Therefore, it is recommended that these protocols be disabled entirely.
r
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
Fo
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
10.13.100.103 98
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
https://tools.ietf.org/html/rfc7568
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.103 99
DHE-RSA-AES128-SHA256 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 DH RSA AES-CBC(256)
SHA256
RSA-AES128-SHA256 RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.103 100
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that
uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
10.13.100.103 101
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.103 102
50686 - IP Forwarding Enabled
Synopsis
Description
The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host
and potentially bypass some firewalls / routers / NAC filtering.
Unless the remote host is a router, it is recommended that you disable IP forwarding.
Solution
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
sysctl -w net.inet.ip.forwarding=0
Risk Factor
Medium
6.5 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
VPR Score
4.0
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
References
CVE CVE-1999-0511
Plugin Information
10.13.100.103 103
Published: 2010/11/23, Modified: 2021/12/29
Plugin Output
tcp/0
10.13.100.103 104
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.103 105
Plugin Information
Plugin Output
tcp/443/www
|-Subject : C=CN/ST=BeiJing/L=BeiJing/O=XiaoMi/OU=XiaoMi/CN=www.router.miwifi.com
|-Issuer : C=CN/ST=BeiJing/L=BeiJing/O=XiaoMi/OU=XiaoMi/CN=www.router.miwifi.com
10.13.100.103 106
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : C=CN/ST=BeiJing/L=BeiJing/O=XiaoMi/OU=XiaoMi/CN=www.router.miwifi.com
10.13.100.103 107
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.103 108
tcp/443/www
10.13.100.103 109
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 110
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.103 111
42263 - Unencrypted Telnet Server
Synopsis
Description
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are
transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session
to obtain credentials or other sensitive information and to modify traffic exchanged between a client and
server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional
data streams such as an X11 session.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/23/telnet
Nessus collected the following banner from the remote Telnet server :
10.13.100.103 112
69551 - SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Synopsis
The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.
Description
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits.
According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued
after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally,
some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to
December 31, 2010, as the standard considers them exempt.
See Also
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
Solution
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and
reissue any certificates signed by the old certificate.
Risk Factor
Low
Plugin Information
Plugin Output
tcp/443/www
|-Subject : C=CN/ST=BeiJing/L=BeiJing/O=XiaoMi/OU=XiaoMi/CN=www.router.miwifi.com
|-RSA Key Length : 1024 bits
10.13.100.103 113
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.103 114
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.103 115
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 116
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx
10.13.100.103 117
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx
10.13.100.103 118
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/5081/www
nginx
10.13.100.103 119
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8098/www
nginx
10.13.100.103 120
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8191/www
nginx
10.13.100.103 121
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8193/www
nginx
10.13.100.103 122
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8380/www
nginx
10.13.100.103 123
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8383/www
nginx
10.13.100.103 124
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8999/www
nginx
10.13.100.103 125
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Server: nginx
Date: Thu, 15 Apr 2021 02:59:22 GMT
Content-Type: text/html
Content-Length: 2270
Last-Modified: Mon, 12 Apr 2021 06:13:42 GMT
Connection: close
ETag: "6073e516-8de"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
MiCGI-Switch: 1 1
MiCGI-TproxyInfo: 10.13.100.103:80
MiCGI-Upstream: 10.13.100.103
MiCGI-Client-Ip: 10.13.100.122
MiCGI-Host: 10.13.100.103
MiCGI-Http-Host: 10.13.100.103
MiCGI-Server-Ip: 10.13.100.103
MiCGI-Server-Port: 80
MiCGI-Status: LUAROOT
MiCGI-Preload: no
10.13.100.103 126
Accept-Ranges: bytes
Response Body :
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ie6 oldie" lang="zh"><![endif]-->
<!--[if IE 7]><html class="ie7 oldie" lang="zh"><![endif]-->
<!--[if IE 8]><html class="ie8 oldie" lang="zh"><![endif]-->
<!--[if gt IE 8]><!--> <html lang="zh"> <!--<![endif]-->
<head>
<meta http-equiv="x-ua-compatible" content="IE=9" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<noscript>
<meta http-equiv="refresh" content="0; url=/cgi-bin/luci/web" />
</noscript>
</head>
<body>
<script>
function isIE(v){
var v = v || "",
tester = document.createElement('div');
tester.innerHTML = '<!--[if IE ' + v + ']><i></i><![endif]-->';
return !!tester.getElementsByTagName('i')[0];
}
var isMobile = {
Android: function() {
return navigator.userAgent.match(/Android/i);
},
BlackBerry: function() {
return navigator.userAgent.match(/BlackBerry/i);
},
iOS: function() {
return navigator.userAgent.match(/iPhone|iPad|iPod/i);
},
Opera: function() {
return navigator.userAgent.match(/Opera Mini/i);
},
Windows: function() {
return navigator.userAgent.match(/IEMobile/i);
},
any: function() {
return (isMobile.Android() || isMobile.BlackBerry() || isMobile.iOS() || isMobile.Opera() ||
isMobile.Windows()) [...]
10.13.100.103 127
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Server: nginx
Date: Thu, 15 Apr 2021 02:59:22 GMT
Content-Type: text/html
Content-Length: 2270
Last-Modified: Mon, 12 Apr 2021 06:13:42 GMT
Connection: close
ETag: "6073e516-8de"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
MiCGI-Switch: 1 1
MiCGI-TproxyInfo: 10.13.100.103:443
MiCGI-Upstream: 10.13.100.103
MiCGI-Client-Ip: 10.13.100.122
MiCGI-Host: 10.13.100.103
MiCGI-Http-Host: 10.13.100.103
MiCGI-Server-Ip: 10.13.100.103
MiCGI-Server-Port: 443
MiCGI-Status: LUAROOT
MiCGI-Preload: no
10.13.100.103 128
Accept-Ranges: bytes
Response Body :
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ie6 oldie" lang="zh"><![endif]-->
<!--[if IE 7]><html class="ie7 oldie" lang="zh"><![endif]-->
<!--[if IE 8]><html class="ie8 oldie" lang="zh"><![endif]-->
<!--[if gt IE 8]><!--> <html lang="zh"> <!--<![endif]-->
<head>
<meta http-equiv="x-ua-compatible" content="IE=9" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<noscript>
<meta http-equiv="refresh" content="0; url=/cgi-bin/luci/web" />
</noscript>
</head>
<body>
<script>
function isIE(v){
var v = v || "",
tester = document.createElement('div');
tester.innerHTML = '<!--[if IE ' + v + ']><i></i><![endif]-->';
return !!tester.getElementsByTagName('i')[0];
}
var isMobile = {
Android: function() {
return navigator.userAgent.match(/Android/i);
},
BlackBerry: function() {
return navigator.userAgent.match(/BlackBerry/i);
},
iOS: function() {
return navigator.userAgent.match(/iPhone|iPad|iPod/i);
},
Opera: function() {
return navigator.userAgent.match(/Opera Mini/i);
},
Windows: function() {
return navigator.userAgent.match(/IEMobile/i);
},
any: function() {
return (isMobile.Android() || isMobile.BlackBerry() || isMobile.iOS() || isMobile.Opera() ||
isMobile.Windows [...]
10.13.100.103 129
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5081/www
Server: nginx
Date: Thu, 15 Apr 2021 02:58:47 GMT
Content-Type: application/octet-stream
Content-Length: 160
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
MiStat-Client-Ip: 10.13.100.122
MiStat-Host: 10.13.100.103
MiStat-Http-Host: 10.13.100.103:5081
MiStat-Server-Ip: 10.13.100.103
MiStat-Server-Port: 5081
MiStat-Status: STATINFO
Cache-Control: private,max-age=0
Content-Type: text/plain;charset=utf-8
Response Body :
STAT=OK;
10.13.100.103 130
CODE=200;
hostname=xiaoqiang;
server_addr=10.13.100.103;
server_port=5081;
remote_addr=10.13.100.122;
http_host=10.13.100.103:5081;
uri=/;
10.13.100.103 131
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8098/www
Response Code :
Protocol version : HTTP/1.1
SSL : no
Options allowed : (Not implemented)
Response Body :
10.13.100.103 132
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8193/www
Server: nginx
Date: Thu, 15 Apr 2021 02:58:51 GMT
Content-Type: text/html
Content-Length: 568
Connection: close
Response Body :
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
10.13.100.103 133
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
10.13.100.103 134
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8380/www
Server: nginx
Date: Thu, 15 Apr 2021 02:59:01 GMT
Content-Type: text/html
Content-Length: 2270
Connection: close
Last-Modified: Mon, 12 Apr 2021 06:13:42 GMT
ETag: "6073e516-8de"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
MiCGI-Switch: 0 1
MiCGI-TproxyInfo: 10.13.100.103:80
MiCGI-Upstream: 10.13.100.103:8380
MiCGI-Client-Ip: 10.13.100.103
MiCGI-Host: 10.13.100.103
MiCGI-Http-Host: 10.13.100.103:8380
MiCGI-Server-Ip: 10.13.100.103
MiCGI-Server-Port: 80
MiCGI-Status: LUAROOT
MiCGI-Preload: no
10.13.100.103 135
Accept-Ranges: bytes
Response Body :
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ie6 oldie" lang="zh"><![endif]-->
<!--[if IE 7]><html class="ie7 oldie" lang="zh"><![endif]-->
<!--[if IE 8]><html class="ie8 oldie" lang="zh"><![endif]-->
<!--[if gt IE 8]><!--> <html lang="zh"> <!--<![endif]-->
<head>
<meta http-equiv="x-ua-compatible" content="IE=9" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<noscript>
<meta http-equiv="refresh" content="0; url=/cgi-bin/luci/web" />
</noscript>
</head>
<body>
<script>
function isIE(v){
var v = v || "",
tester = document.createElement('div');
tester.innerHTML = '<!--[if IE ' + v + ']><i></i><![endif]-->';
return !!tester.getElementsByTagName('i')[0];
}
var isMobile = {
Android: function() {
return navigator.userAgent.match(/Android/i);
},
BlackBerry: function() {
return navigator.userAgent.match(/BlackBerry/i);
},
iOS: function() {
return navigator.userAgent.match(/iPhone|iPad|iPod/i);
},
Opera: function() {
return navigator.userAgent.match(/Opera Mini/i);
},
Windows: function() {
return navigator.userAgent.match(/IEMobile/i);
},
any: function() {
return (isMobile.Android() || isMobile.BlackBerry() || isMobile.iOS() || isMobile.Opera() ||
isMobile. [...]
10.13.100.103 136
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8383/www
Server: nginx
Date: Thu, 15 Apr 2021 02:58:47 GMT
Content-Type: text/html
Content-Length: 2270
Connection: close
Last-Modified: Mon, 12 Apr 2021 06:13:42 GMT
ETag: "6073e516-8de"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
MiCGI-Switch: 0 1
MiCGI-TproxyInfo: 10.13.100.103:80
MiCGI-Upstream: 10.13.100.103:8383
MiCGI-Client-Ip: 10.13.100.103
MiCGI-Host: 10.13.100.103
MiCGI-Http-Host: 10.13.100.103:8383
MiCGI-Server-Ip: 10.13.100.103
MiCGI-Server-Port: 80
MiCGI-Status: LUAROOT
MiCGI-Preload: no
10.13.100.103 137
Accept-Ranges: bytes
Response Body :
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ie6 oldie" lang="zh"><![endif]-->
<!--[if IE 7]><html class="ie7 oldie" lang="zh"><![endif]-->
<!--[if IE 8]><html class="ie8 oldie" lang="zh"><![endif]-->
<!--[if gt IE 8]><!--> <html lang="zh"> <!--<![endif]-->
<head>
<meta http-equiv="x-ua-compatible" content="IE=9" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<noscript>
<meta http-equiv="refresh" content="0; url=/cgi-bin/luci/web" />
</noscript>
</head>
<body>
<script>
function isIE(v){
var v = v || "",
tester = document.createElement('div');
tester.innerHTML = '<!--[if IE ' + v + ']><i></i><![endif]-->';
return !!tester.getElementsByTagName('i')[0];
}
var isMobile = {
Android: function() {
return navigator.userAgent.match(/Android/i);
},
BlackBerry: function() {
return navigator.userAgent.match(/BlackBerry/i);
},
iOS: function() {
return navigator.userAgent.match(/iPhone|iPad|iPod/i);
},
Opera: function() {
return navigator.userAgent.match(/Opera Mini/i);
},
Windows: function() {
return navigator.userAgent.match(/IEMobile/i);
},
any: function() {
return (isMobile.Android() || isMobile.BlackBerry() || isMobile.iOS() || isMobile.Opera() ||
isMobile. [...]
10.13.100.103 138
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8999/www
Server: nginx
Date: Thu, 15 Apr 2021 02:58:57 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: http://guest.router.miwifi.com:8999/wifishare.html
Response Body :
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
10.13.100.103 139
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 22678 seconds.
10.13.100.103 140
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.103 141
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.103 142
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 143
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5081/www
10.13.100.103 144
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8098/www
10.13.100.103 145
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8190/www
10.13.100.103 146
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8191/www
10.13.100.103 147
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8192/www
10.13.100.103 148
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8193/www
10.13.100.103 149
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8380/www
10.13.100.103 150
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8383/www
10.13.100.103 151
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8999/www
10.13.100.103 152
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.103 153
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:36 India Standard Time
Scan duration : 1744 sec
Scan for malware : no
10.13.100.103 154
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.103 155
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 156
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 157
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Country: CN
State/Province: BeiJing
Locality: BeiJing
Organization: XiaoMi
Organization Unit: XiaoMi
Common Name: www.router.miwifi.com
Issuer Name:
Country: CN
State/Province: BeiJing
Locality: BeiJing
Organization: XiaoMi
Organization Unit: XiaoMi
Common Name: www.router.miwifi.com
Serial Number: 00 F1 23 B5 27 4D 41 AC 70
Version: 3
10.13.100.103 158
3B 81 9A 2E 1C 11 FD 23 25 4B F2 73 77 25 78 D3 F2 AC 52 FA
4E 8F 5A E0 73 AE 21 0B E1 89 2F DF BD C0 62 2E 48 33 BE 5D
99 AD FC 20 0A 07 DF 28 E8 52 7D C2 FF 2D D6 5F E8 D9 96 BC
0C 5F 09 56 46 C5 E5 54 6A 71 45 60 CE CE D3 AF AD 90 3E 54
1F DC BB FF 96 72 FB 2F BE E4 65 98 43 90 C8 4E 6F C6 F0 2B
A2 51 EC A8 54 26 17 EF EB
Exponent: 01 00 01
Fingerprints :
SHA-256 Fingerprint: 90 90 39 29 94 A6 A5 55 41 A1 5F 76 93 52 8B DE 42 D6 90 B0
E4 22 94 9A 50 B7 78 72 E5 E5 A8 E3
SHA-1 Fingerprint: 79 2F F5 7A 31 41 EE AD CA 01 40 93 42 0A F9 19 CB 0B 82 15
MD5 Fingerprint: CC 9F DA 29 65 18 25 3E 5F E7 1B 3C A9 21 AF 79
PEM certificate :
-----BEGIN CERTIFICATE-----
MIICYjCCAcugAwIBAgIJAPEjtSdNQaxwMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRAwDgYDVQQHDAdCZW
[...]
10.13.100.103 159
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.103 160
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.103 161
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 162
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA [...]
10.13.100.103 163
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.103 164
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.103 165
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.103 166
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{ex [...]
10.13.100.103 167
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.103 168
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 169
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5081/www
10.13.100.103 170
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8098/www
10.13.100.103 171
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8191/www
10.13.100.103 172
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8193/www
10.13.100.103 173
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8380/www
10.13.100.103 174
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8383/www
10.13.100.103 175
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8999/www
10.13.100.103 176
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.103 177
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 178
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8190/www
10.13.100.103 179
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8192/www
10.13.100.103 180
91459 - SolarWinds Server & Application Monitor (SAM) Detection
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution,
is running on the remote host.
See Also
https://www.solarwinds.com/server-application-monitor
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5081/www
URL : http://10.13.100.103:5081/
Version : unknown
10.13.100.103 181
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.103 182
87242 - TLS NPN Supported Protocol Enumeration
Synopsis
Description
The remote host supports the TLS NPN (Transport Layer Security Next Protocol Negotiation) extension. This
plugin enumerates the protocols the extension supports.
See Also
https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.103 183
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.103 184
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 185
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.103 186
10281 - Telnet Server Detection
Synopsis
Description
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/23/telnet
10.13.100.103 187
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.103 188
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5081/www
10.13.100.103 189
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8999/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
http://10.13.100.103:8999/khXGLGLptbKh.html
10.13.100.103 190
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.103/
Version : unknown
source : Server: nginx
10.13.100.103 191
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.103/
Version : unknown
source : Server: nginx
10.13.100.103 192
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/5081/www
URL : http://10.13.100.103:5081/
Version : unknown
source : Server: nginx
10.13.100.103 193
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8098/www
URL : http://10.13.100.103:8098/
Version : unknown
source : Server: nginx
10.13.100.103 194
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8191/www
URL : http://10.13.100.103:8191/
Version : unknown
source : Server: nginx
10.13.100.103 195
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8193/www
URL : http://10.13.100.103:8193/
Version : unknown
source : Server: nginx
10.13.100.103 196
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8380/www
URL : http://10.13.100.103:8380/
Version : unknown
source : Server: nginx
10.13.100.103 197
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8383/www
URL : http://10.13.100.103:8383/
Version : unknown
source : Server: nginx
10.13.100.103 198
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/8999/www
URL : http://10.13.100.103:8999/
Version : unknown
source : Server: nginx
10.13.100.103 199
10.13.100.104
1 2 8 1 26
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.104
ly
OS: Dell iDRAC Controller, KYOCERA Printer, Linux Kernel 2.6
On
Vulnerabilities
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
se
The remote service encrypts traffic using a protocol with known weaknesses.
lU
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications
Tr
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so
that these versions will be used only if the client or server support nothing better), many web browsers
implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE).
Therefore, it is recommended that these protocols be disabled entirely.
r
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
Fo
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
10.13.100.104 200
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
https://tools.ietf.org/html/rfc7568
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.104 201
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 202
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak
hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable
to collision attacks. An attacker can exploit this to generate another certificate with the same digital
signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.1
10.13.100.104 203
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 204
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that
uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
10.13.100.104 205
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 206
50686 - IP Forwarding Enabled
Synopsis
Description
The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host
and potentially bypass some firewalls / routers / NAC filtering.
Unless the remote host is a router, it is recommended that you disable IP forwarding.
Solution
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
sysctl -w net.inet.ip.forwarding=0
Risk Factor
Medium
6.5 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
VPR Score
4.0
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
References
CVE CVE-1999-0511
Plugin Information
10.13.100.104 207
Published: 2010/11/23, Modified: 2021/12/29
Plugin Output
tcp/0
10.13.100.104 208
136929 - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server
is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Risk Factor
Medium
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.7
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
10.13.100.104 209
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.104/js/libs/jquery.min.js
Installed version : 1.10.0
Fixed version : 3.5.0
10.13.100.104 210
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.104 211
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 212
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of
small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
https://www.rc4nomore.com/
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with
AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
4.4
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
10.13.100.104 213
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/443/www
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 214
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 215
26928 - SSL Weak Cipher Suites Supported
Synopsis
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.nessus.org/u?6527892d
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.13.100.104 216
tcp/443/www
Here is the list of weak SSL ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 217
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.104 218
tcp/443/www
10.13.100.104 219
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 220
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.104 221
69551 - SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Synopsis
The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.
Description
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits.
According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued
after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally,
some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to
December 31, 2010, as the standard considers them exempt.
See Also
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
Solution
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and
reissue any certificates signed by the old certificate.
Risk Factor
Low
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 222
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.104 223
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 224
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
Web Switch
10.13.100.104 225
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
10.13.100.104 226
<!--[if lte IE 8]>
<link type="text/css" href="themes/steel_gray/css/ie.css" rel="stylesheet" type="text/css" />
<![endif]-->
<title>Loading...</title>
<noscript>
<meta http-equiv="refresh" content="0; url=error.html"/>
</noscript>
</head>
<body>
<div id="index-view-container" widget="htmlLoader" class="body-wrap">
<div id="module-container"></div>
</div>
<script type="text/javascript" src="js/libs/jquery.min.js"></script>
<script type="text/javascript" src="js/libs/jquery.cookie.min.js"></script>
<!--<script type="text/javascript" src="js/libs/echarts.min.js"></script>-->
<script type="text/javascript" src="js/libs/jquery.nicescroll.min.js"></script>
<script type="text/javascript" src="js/libs/interactions.min.js"></script>
<script type="text/javascript" src="js/su/su.js"></script>
<script type="text/javascript" src="js/su/services.js"></script>
<script type="text/javascript" src="js/su/data.js"></script>
<script type="text/javascript" src="js/su/widgets.js"></script>
<script type="text/javascript" src="js/su/managers.js"></script>
<script type="text/javasc [...]
10.13.100.104 227
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 24456 seconds.
10.13.100.104 228
106658 - JQuery Detection
Synopsis
Description
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.104/js/libs/jquery.min.js
Version : 1.10.0
10.13.100.104 229
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.104 230
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 231
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.104 232
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:36 India Standard Time
Scan duration : 728 sec
Scan for malware : no
10.13.100.104 233
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.104 234
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 235
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 236
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Country: CN
State/Province: Guangdong
Locality: Shenzhen
Organization: TP-LINK Technologies CO., LTD.
Common Name: TP-LINK CA
Email Address: service@tp-link.com.cn
Issuer Name:
Country: CN
State/Province: Guangdong
Locality: Shenzhen
Organization: TP-LINK Technologies CO., LTD.
Common Name: TP-LINK CA
Email Address: service@tp-link.com.cn
Serial Number: 00 B4 2B AF 33 A3 1C 01 F9
Version: 3
10.13.100.104 237
72 03 76 FD BE 15 EA 1B 6E E5 21 99 86 54 D8 CB E2 C1 98 80
4E 3B 4F 9B 62 C7 45 0A 79 1D A5 EA DF B6 D3 62 9B 61 77 1A
EA 3E BF A4 64 01 86 16 0D E8 29 43 7B BC 8E FA F8 A0 04 F1
42 C2 8F F7 90 F1 C1 47 07 25 FF BE F5 43 3F 55 2E 5B 64 6D
4F 3D E5 E8 7A 3A 85 84 27 DF E8 2C D0 67 81 BE 2D D8 85 45
DC 7D 94 76 6D 8D AF B7 FD
Exponent: 01 00 01
Fingerprints :
10.13.100.104 238
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.104 239
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 240
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.104 241
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
RC4-MD5 0x00, 0x04 RSA RSA RC4(128) MD5
RC4-SHA 0x00, 0x05 RSA RSA RC4(128)
SHA1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.104 242
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.104 243
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 244
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 245
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.104 246
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.104 247
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.104 248
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.104 249
91459 - SolarWinds Server & Application Monitor (SAM) Detection
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution,
is running on the remote host.
See Also
https://www.solarwinds.com/server-application-monitor
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.104/
Version : unknown
10.13.100.104 250
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.104 251
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 252
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.104 253
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.104 254
10.13.100.105
0 0 0 0 17
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.105
ly
MAC Address: B4:22:00:1D:E1:FB
On
Vulnerabilities
11933 - Do not scan printers
Synopsis
se
The remote host appears to be a fragile device and will not be scanned.
lU
Description
The remote host appears to be a network printer, multi-function device, or other fragile device. Such
devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as
'Dead' and will not scan it.
ia
Solution
If you are not concerned about such behavior, enable the 'Scan Network Printers' setting under the 'Do not
Tr
Risk Factor
r
None
Fo
References
XREF IAVB:0001-B-0525
Plugin Information
Plugin Output
10.13.100.105 255
tcp/0
10.13.100.105 256
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Nessus SNMP scanner was able to retrieve the open port list
with the community name: p*****
It found 8 open TCP ports and 5 open UDP ports.
10.13.100.105 257
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/69
10.13.100.105 258
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
10.13.100.105 259
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/137/netbios-ns
10.13.100.105 260
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
10.13.100.105 261
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/515
10.13.100.105 262
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/631
10.13.100.105 263
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/3702
10.13.100.105 264
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5353
10.13.100.105 265
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9100
10.13.100.105 266
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/44068
10.13.100.105 267
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/54921
10.13.100.105 268
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/54922
10.13.100.105 269
14274 - Nessus SNMP Scanner
Synopsis
Description
This plugin runs an SNMP scan against the remote machine to find open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/54923
10.13.100.105 270
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.105 271
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : snmp_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:41 India Standard Time
Scan duration : 31 sec
Scan for malware : no
10.13.100.105 272
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB
requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/137/netbios-ns
The remote host has the following MAC address on its adapter :
b4:22:00:1d:e1:fb
10.13.100.105 273
10.13.100.106
0 0 2 0 32
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.106
ly
OS: Nutanix
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.106 274
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=airalgo.com
|-Not After : Feb 11 00:12:35 2023 GMT
10.13.100.106 275
15901 - SSL Certificate Expiry
Synopsis
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and
reports whether any have already expired.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=airalgo.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Nov 13 00:12:36 2022 GMT
Not valid after : Feb 11 00:12:35 2023 GMT
10.13.100.106 276
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.106 277
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.106 278
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 279
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.18.0 (Ubuntu)
10.13.100.106 280
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx/1.18.0 (Ubuntu)
10.13.100.106 281
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/5000/www
gunicorn
10.13.100.106 282
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.13.100.106 283
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>#$###If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.106 284
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
10.13.100.106 285
10.13.100.106 286
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
Server: gunicorn
Date: Mon, 09 Oct 2023 09:18:49 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 207
Response Body :
10.13.100.106 287
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.106 288
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 289
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.106 290
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.106 291
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:42 India Standard Time
Scan duration : 1253 sec
Scan for malware : no
10.13.100.106 292
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.106 293
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 294
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 4A 6A 7F 09 FF AE 69 99 A9 EF B1 07 5B B6 47 FA 22
Version: 3
10.13.100.106 295
3F B5 95 A9 AE D0 CA 58 3F 3A CF FE 31 C7 D8 E8 0F 29 F9 B6
AC CB 1D EF FF 0E AB AC A1 69 9B 8B 8C D1 4B 77 A9 CD CC 60
1D B0 C2 BE 5A 88 8C DF BB 8A 43 10 F1 9B BF 10 30 E3 15 FB
E2 C6 EA B7 AF 40 52 EE 9A 8C 5E 46 C8 0E 68 83 8F
Exponent: 01 00 01
10.13.100.106 296
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.106 297
Plugin Output
tcp/443/www
10.13.100.106 298
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 299
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.106 300
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.106 301
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.106 302
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 303
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.106 304
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.106 305
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.106 306
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.106 307
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.106 308
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.106 309
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.106 310
11765 - UPnP TCP Helper Detection
Synopsis
Description
If the tested network is not a home network, you should disable this service.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.106 311
10302 - Web Server robots.txt Information Disclosure
Synopsis
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Contents of robots.txt :
# https://www.robotstxt.org/robotstxt.html
User-agent: *
Disallow:
10.13.100.106 312
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.106/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.106 313
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.106/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.106 314
10.13.100.110
0 0 4 0 39
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.110
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.110 315
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/8009
|-Subject : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
|-Issuer : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
10.13.100.110 316
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.110 317
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 318
56284 - SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions
Synopsis
An X.509 certificate in the chain used by this service fails to adhere to all of its basic constraints and key
usage extensions.
Description
An X.509 certificate sent by the remote host contains one or more violations of the restrictions imposed
on it by RFC 5280. This means that either a root or intermediate Certificate Authority signed a certificate
incorrectly.
Certificates that fail to adhere to the restrictions in their extensions may be rejected by certain software.
The existence of such certificates indicates either an oversight in the signing process, or malicious intent.
See Also
http://www.ietf.org/rfc/rfc5280.txt
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 319
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/8009
|-Subject : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
10.13.100.110 320
46180 - Additional DNS Hostnames
Synopsis
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus
has generated a list of hostnames that point to the remote host. Note that these are only the alternate
hostnames for vhosts discovered on a web server.
See Also
https://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 321
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 322
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 323
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
10.13.100.110 324
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8008/www
10.13.100.110 325
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.13.100.110 326
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 327
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000
10.13.100.110 328
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/10101
10.13.100.110 329
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 330
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:48 India Standard Time
Scan duration : 2005 sec
Scan for malware : no
10.13.100.110 331
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 332
10919 - Open Port Re-check
Synopsis
Description
One of several ports that were previously open are now closed or unresponsive.
- An administrator may have stopped a particular service during the scanning process.
- A network outage has been experienced during the scan, and the remote network cannot be reached
anymore by the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion
detection / prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select
denial of service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Plugin Output
tcp/0
10.13.100.110 333
Port 10101 was detected as being open but is now closed
10.13.100.110 334
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.13.100.110 335
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 336
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10101
10.13.100.110 337
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
|-Subject : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
|-Not After : Oct 10 20:54:35 2023 GMT
10.13.100.110 338
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
Subject : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
Issuer : CN=06c61c88-c0c4-ad1e-0d59-2e2b8fd49172
Not valid before : Oct 8 20:54:35 2023 GMT
Not valid after : Oct 10 20:54:35 2023 GMT
10.13.100.110 339
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
Subject Name:
Issuer Name:
Serial Number: 12 92 8A D3
Version: 3
10.13.100.110 340
0F C1 D8 2F D8 80 B7 8A 9D 8D 21 9C DC E7 93 93 42 45 B0 89
EC 22 2A 8D 8A D4 E2 67 57 34 72 29 A1 F4 E8 A3 1F
Exponent: 01 00 01
10.13.100.110 341
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
Subject Name:
Country: US
State/Province: Washington
Locality: Kirkland
Organization: Google Inc
Organization Unit: Widevine
Common Name: 1320400585132062642
Issuer Name:
Country: US
State/Province: Washington
Locality: Kirkland
Organization: Google Inc
Organization Unit: Widevine
Common Name: TCL TV R1 Realtek RTD2841 Cast ICA
Serial Number: 12 53 01 56 1E 03 B7 B2
Version: 3
10.13.100.110 342
A0 35 6B 07 E1 B3 59 36 44 02 67 A4 29 F3 A7 61 35 A8 0C B9
99 13 2E E6 D7 00 41 40 E6 50 65 7C FF FD 45 8D 5B 61 EA 9D
0F 27 AE D0 58 27 1D 5F 58 1B A8 A8 3C C3 37 2A 2F 47 BF 1C
43 D8 4C C0 4E 7F 33 41 28 E5 89 33 84 53 34 88 34 59 B2 D7
0C C7 EC 45 B0 BD 51 0B CF 82 12 46 47 EA 52 2A 35 84 18 91
14 9C B0 96 7C B4 5A 2F 68 EA 8B BA 0B A7 F9 48 3C 18 1A BE
77 D1 BF D0 6A 61 EE CB 0B 3E F6 88 32 92 07 99 09 22 2B CF
39 9F B8 C9 4E 39 37 11 1A 7F 29 37 92 99 CD 9F DB AD B8 82
11 CF 50 75 14 56 0B 27 0E CF 0D 3E E0 9C DF AA 8C 73 F8 4E
3D BB D3 BF 1F 15 44 E3 C0 2C DB AA 61 75 5C 33 FA 9C 96 A9
73 3C 9D F3 42 CC 58 65 9D 5C 96 63 75 BC 83 42 BB 20 10 0A
A2 E2 D2 69 F8 5A 20 7A 38 E9 1C FF E7 0D 2D 02 19
Exponent: 01 00 01
10.13.100.110 343
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.110 344
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 345
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.110 346
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 347
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.13.100.110 348
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128)
SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentic [...]
10.13.100.110 349
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
{Tenable ciphername}
{Cipher ID code}
10.13.100.110 350
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 351
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.110 352
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 353
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.110 354
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 355
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.110 356
Plugin Output
tcp/8009
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 357
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.110 358
Plugin Output
tcp/8443
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.110 359
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.13.100.110 360
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 361
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000
10.13.100.110 362
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10101
10.13.100.110 363
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.110 364
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.13.100.110 365
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/8443
10.13.100.110 366
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.110 367
35711 - Universal Plug and Play (UPnP) Protocol Detection
Synopsis
Description
The remote device answered an SSDP M-SEARCH request. Therefore, it supports 'Universal Plug and
Play' (UPnP). This protocol provides automatic configuration and device discovery. It is primarily intended
for home networks. An attacker could potentially leverage this to discover your network architecture.
See Also
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
http://quimby.gnus.org/internet-drafts/draft-cai-ssdp-v1-03.txt
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/1900/ssdp
The device responded to an SSDP M-SEARCH request with the following locations :
http://10.13.100.110:8008/ssdp/device-desc.xml
uuid:06c61c88-c0c4-ad1e-0d59-2e2b8fd49172::upnp:rootdevice
uuid:06c61c88-c0c4-ad1e-0d59-2e2b8fd49172::urn:dial-multiscreen-org:device:dial:1
uuid:06c61c88-c0c4-ad1e-0d59-2e2b8fd49172::urn:dial-multiscreen-org:service:dial:1
10.13.100.110 368
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :
Port : 8009
Type : spontaneous
Banner :
0x00: 00 00 00 58 08 00 12 0B 54 72 40 6E 24 70 30 72 ...X....Tr@n$p0r
0x10: 74 2D 30 1A 0B 54 72 40 6E 24 70 30 72 74 2D 30 t-0..Tr@n$p0rt-0
0x20: 22 27 75 72 6E 3A 78 2D 63 61 73 74 3A 63 6F 6D "'urn:x-cast:com
0x30: 2E 67 6F 6F 67 6C 65 2E 63 61 73 74 2E 74 70 2E .google.cast.tp.
0x40: 68 65 61 72 74 62 65 61 74 28 00 32 0F 7B 22 74 heartbeat(.2.{"t
0x50: 79 70 65 22 3A 22 50 49 4E 47 22 7D ype":"PING"}
10.13.100.110 369
35712 - Web Server UPnP Detection
Synopsis
Description
Nessus was able to extract some information about the UPnP-enabled device by querying this web server.
Services may also be reachable through SOAP requests.
See Also
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8008/www
deviceType: urn:dial-multiscreen-org:device:dial:1
friendlyName: NEAT
manufacturer: SCBC
modelName: ATV R1
modelName: ATV R1
ServiceID: urn:dial-multiscreen-org:serviceId:dial
serviceType: urn:dial-multiscreen-org:service:dial:1
controlURL: /ssdp/notfound
eventSubURL: /ssdp/notfound
SCPDURL: /ssdp/notfound
10.13.100.110 370
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
- Advertised services :
o Service name : NEAT._androidtvremote2._tcp.local.
Port number : 6466
10.13.100.110 371
10.13.100.111
0 0 1 0 30
CRITICAL HIGH MEDIUM LOW INFO
Host Information
ly
IP: 10.13.100.111
MAC Address: 28:16:AD:59:5F:01
On
OS: Microsoft Windows 10 Enterprise
Vulnerabilities
57608 - SMB Signing not required
Synopsis
se
lU
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to
ia
See Also
Tr
http://www.nessus.org/u?df39b8b3
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
r
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Fo
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting
'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.
Risk Factor
Medium
10.13.100.111 372
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 373
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.111 374
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/135/epmap
10.13.100.111 375
Named pipe : lsasspirpc
10.13.100.111 376
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 377
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\PRANITA
10.13.100.111 378
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49664/dce-rpc
10.13.100.111 379
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49664
IP : 10.13.100.111
10.13.100.111 380
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49665/dce-rpc
10.13.100.111 381
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49666/dce-rpc
10.13.100.111 382
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49667/dce-rpc
10.13.100.111 383
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49670/dce-rpc
10.13.100.111 384
TCP Port : 49670
IP : 10.13.100.111
10.13.100.111 385
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information
it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/49677/dce-rpc
10.13.100.111 386
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.111 387
35716 - Ethernet Card Manufacturer Detection
Synopsis
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are
registered by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.111 388
86420 - Ethernet MAC Addresses
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and
Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single,
unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.111 389
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by
sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on
the host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:
10.13.100.111 390
11011 - Microsoft Windows SMB Service Detection
Synopsis
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/139/smb
10.13.100.111 391
11011 - Microsoft Windows SMB Service Detection
Synopsis
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 392
100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication
request to port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 393
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an
authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
10.13.100.111 394
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/135/epmap
10.13.100.111 395
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/139/smb
10.13.100.111 396
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 397
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/6666
10.13.100.111 398
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
10.13.100.111 399
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.111 400
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:49 India Standard Time
Scan duration : 593 sec
Scan for malware : no
10.13.100.111 401
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
SinFP:!:
P1:B11113:F0x12:W8192:O0204ffff:M1460:
P2:B11113:F0x12:W8192:O0204ffff0103030801010402:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=139
10.13.100.111 402
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SMB service.
10.13.100.111 403
10919 - Open Port Re-check
Synopsis
Description
One of several ports that were previously open are now closed or unresponsive.
- An administrator may have stopped a particular service during the scanning process.
- A network outage has been experienced during the scan, and the remote network cannot be reached
anymore by the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion
detection / prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select
denial of service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Plugin Output
tcp/0
10.13.100.111 404
Port 6666 was detected as being open but is now unresponsive
Port 8080 was detected as being open but is now unresponsive
10.13.100.111 405
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.111 406
10.13.100.111 407
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.111 408
135860 - WMI Not Available
Synopsis
Description
WMI (Windows Management Instrumentation) is not available on the remote host over DCOM. WMI
queries are used to gather information about the remote host, such as its current state, network interface
configuration, etc.
Without this information Nessus may not be able to identify installed software or security vunerabilities
that exist on the remote host.
See Also
https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445/cifs
10.13.100.111 409
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB
requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/137/netbios-ns
The remote host has the following MAC address on its adapter :
28:16:ad:59:5f:01
10.13.100.111 410
10.13.100.115
0 0 2 0 32
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.115
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.115 411
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=airalgo.com
|-Not After : Sep 30 15:23:37 2023 GMT
10.13.100.115 412
15901 - SSL Certificate Expiry
Synopsis
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and
reports whether any have already expired.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=airalgo.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Jul 2 15:23:38 2023 GMT
Not valid after : Sep 30 15:23:37 2023 GMT
10.13.100.115 413
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.115 414
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.115 415
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 416
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.18.0 (Ubuntu)
10.13.100.115 417
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx/1.18.0 (Ubuntu)
10.13.100.115 418
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.13.100.115 419
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.115 420
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
10.13.100.115 421
10.13.100.115 422
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080/www
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 09 Oct 2023 09:19:18 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Response Body :
10.13.100.115 423
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 561 seconds.
10.13.100.115 424
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.115 425
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 426
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080/www
10.13.100.115 427
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.115 428
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:56 India Standard Time
Scan duration : 1006 sec
Scan for malware : no
10.13.100.115 429
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.115 430
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 431
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 11 D5 AA 3A D3 77 9C FB A9 D0 2A D6 89 E5 5D 2E 70
Version: 3
10.13.100.115 432
A6 E3 B6 52 E0 8B 73 87 26 59 BD 08 D0 D6 9E 96 57 1C A2 F9
38 29 F8 BF B5 39 72 19 72 01 03 22 AB 85 1E 15 D1 07 E1 7B
D4 DF E8 44 AE BB 96 0F DB 7C 0A D6 07 F1 42 DC 93 84 57 B8
39 1A 2F 8F A0 1B F9 E9 D9 EF 29 13 25 EC 49 E8 F1
Exponent: 01 00 01
10.13.100.115 433
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.115 434
Plugin Output
tcp/443/www
10.13.100.115 435
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 436
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.115 437
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.115 438
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.115 439
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 440
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.115 441
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.115 442
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080/www
10.13.100.115 443
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.115 444
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.115 445
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.115 446
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.115 447
10302 - Web Server robots.txt Information Disclosure
Synopsis
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Contents of robots.txt :
# https://www.robotstxt.org/robotstxt.html
User-agent: *
Disallow:
10.13.100.115 448
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.115 449
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.115/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.115 450
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.115/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.115 451
10.13.100.116
0 0 14 0 165
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.116
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.116 452
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 453
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 454
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 455
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 456
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 457
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 458
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 459
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 460
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 461
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 462
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 463
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 464
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 465
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.116 466
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 467
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.116 468
tcp/25/smtp
10.13.100.116 469
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.116 470
tcp/465/smtp
10.13.100.116 471
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like
1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly
with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
10.13.100.116 472
tcp/587/smtp
10.13.100.116 473
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 474
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.116 475
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 476
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.116 477
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 478
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.116 479
46180 - Additional DNS Hostnames
Synopsis
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus
has generated a list of hostnames that point to the remote host. Note that these are only the alternate
hostnames for vhosts discovered on a web server.
See Also
https://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.116 480
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Plugin Output
tcp/800/www
URL : http://10.13.100.116:800/
Version : 2.4.99
Source : Server: Apache/2.4.52 (Ubuntu)
backported : 1
os : ConvertedUbuntu
10.13.100.116 481
39521 - Backported Security Patch Detection (WWW)
Synopsis
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version
number.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
10.13.100.116 482
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.116 483
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.116 484
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 485
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each
directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the
response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access
GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed
unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web
applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if
it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any
security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
10.13.100.116 486
Based on the response to an OPTIONS request :
10.13.100.116 487
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx
10.13.100.116 488
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx
10.13.100.116 489
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/800/www
Apache/2.4.52 (Ubuntu)
10.13.100.116 490
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Server: nginx
Date: Mon, 09 Oct 2023 09:38:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://10.13.100.116/
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Response Body :
<html>
<head><title>301 Moved Permanently</title></head>
<body>
10.13.100.116 491
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
10.13.100.116 492
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Server: nginx
Date: Mon, 09 Oct 2023 09:38:05 GMT
Content-Type: text/html
Content-Length: 78
Last-Modified: Sun, 14 Aug 2022 08:00:48 GMT
Connection: keep-alive
ETag: "62f8abb0-4e"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Response Body :
10.13.100.116 493
<html><head><meta HTTP-EQUIV="REFRESH" content="0; url=/mail/"></head></html>
10.13.100.116 494
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
Response Body :
10.13.100.116 495
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is -351 seconds.
10.13.100.116 496
11414 - IMAP Service Banner Retrieval
Synopsis
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 497
11414 - IMAP Service Banner Retrieval
Synopsis
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 498
42085 - IMAP Service STARTTLS Command Support
Synopsis
Description
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an
encrypted communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
https://tools.ietf.org/html/rfc2595
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 499
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 500
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.116 501
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 502
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 503
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 504
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 505
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 506
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
10.13.100.116 507
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 508
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 509
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
10.13.100.116 510
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.116 511
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 14:59 India Standard Time
Scan duration : 1043 sec
Scan for malware : no
10.13.100.116 512
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
SSH:!:SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
SinFP:
P1:B10113:F0x12:W64240:O0204ffff:M1460:
P2:B10113:F0x12:W65160:O0204ffff0402080affffffff4445414401030307:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=443
HTTP:!:Server: nginx
10.13.100.116 513
The remote host is running Linux Kernel 2.6
10.13.100.116 514
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.116 515
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
Path : /
Version : 8.9p1
Distribution : ubuntu-3ubuntu0.3
10.13.100.116 516
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 517
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 518
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the
remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS
extensions (RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 519
10185 - POP Server Detection
Synopsis
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients
to retrieve messages from a server, possibly across a network link.
See Also
https://en.wikipedia.org/wiki/Post_Office_Protocol
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 520
10185 - POP Server Detection
Synopsis
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients
to retrieve messages from a server, possibly across a network link.
See Also
https://en.wikipedia.org/wiki/Post_Office_Protocol
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 521
42087 - POP3 Service STLS Command Support
Synopsis
Description
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an
encrypted communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
https://tools.ietf.org/html/rfc2595
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 522
54580 - SMTP Authentication Methods
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4422
https://tools.ietf.org/html/rfc4954
Solution
Review the list of methods and whether they're available over an encrypted channel.
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 523
10263 - SMTP Server Detection
Synopsis
Description
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0932
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 524
10263 - SMTP Server Detection
Synopsis
Description
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0932
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 525
10263 - SMTP Server Detection
Synopsis
Description
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0932
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 526
42088 - SMTP Service STARTTLS Command Support
Synopsis
Description
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an
encrypted communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
https://tools.ietf.org/html/rfc2487
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 527
Not Valid After: Nov 09 20:34:20 2023 GMT
10.13.100.116 528
42088 - SMTP Service STARTTLS Command Support
Synopsis
Description
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an
encrypted communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
https://tools.ietf.org/html/rfc2487
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 529
Not Valid After: Nov 09 20:34:20 2023 GMT
10.13.100.116 530
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.116 531
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.116 532
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
10.13.100.116 533
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
- 1.99
- 2.0
10.13.100.116 534
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.116 535
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/8081/ssh
10.13.100.116 536
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 537
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 538
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 539
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 540
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 541
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 542
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 543
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 544
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 545
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 546
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 547
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 548
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 549
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 550
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 551
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
|-Subject : CN=mail.lotusdew.in
|-Not After : Nov 09 20:34:20 2023 GMT
10.13.100.116 552
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 553
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 554
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 555
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 556
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 557
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 558
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 559
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
Subject : CN=mail.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 11 20:34:21 2023 GMT
Not valid after : Nov 9 20:34:20 2023 GMT
10.13.100.116 560
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 561
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 562
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 563
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 564
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 565
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 566
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 567
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 568
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 569
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 570
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 571
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 572
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 573
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 574
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 63 D2 16 EC D6 F4 4E 1C DC 51 86 EF AA 6E C0 EB 14
Version: 3
10.13.100.116 575
A2 A2 9B 2B 17 CC F1 2D 4E 9B 0C B4 63 4A E6 32 DB 18 32 82
6C 04 64 79 89 9C 18 E0 64 EA 6A 12 8C 2B 33 DB 0C A6 E2 3A
BE E4 7D AA 3B 32 94 A3 07 C2 63 7A D8 E8 E0 1D 8E 26 77 E4
3A 87 54 FD CE A0 72 3D EE 6B 27 6D BC 5C 9C 0A 77
Exponent: 01 00 01
10.13.100.116 576
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 577
Plugin Output
tcp/25/smtp
10.13.100.116 578
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 579
Plugin Output
tcp/110/pop3
10.13.100.116 580
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 581
Plugin Output
tcp/143/imap
10.13.100.116 582
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 583
Plugin Output
tcp/443/www
10.13.100.116 584
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 585
Plugin Output
tcp/465/smtp
10.13.100.116 586
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 587
Plugin Output
tcp/587/smtp
10.13.100.116 588
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 589
Plugin Output
tcp/993/imap
10.13.100.116 590
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.116 591
Plugin Output
tcp/995/pop3
10.13.100.116 592
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.116 593
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128)
SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128)
SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) [...]
10.13.100.116 594
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.116 595
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 596
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.116 597
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 598
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.116 599
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 600
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.116 601
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128)
SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128)
SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) [...]
10.13.100.116 602
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.116 603
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128)
SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128)
SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) [...]
10.13.100.116 604
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.116 605
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 606
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.116 607
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 608
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 609
DHE-RSA-AES-128-CCM8-AEAD 0xC0, 0xA2 DH RSA AES-CCM8(128)
AEAD
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES-256-CCM-AEAD 0xC0, 0x9F DH RSA AES-CCM(256)
AEAD
DHE-RSA-AES-256-CCM8-AEAD 0xC0, 0xA3 DH RSA AES-CCM8(256)
AEAD
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA [...]
10.13.100.116 610
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 611
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
10.13.100.116 612
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 613
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
10.13.100.116 614
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 615
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 616
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 617
DHE-RSA-AES-128-CCM8-AEAD 0xC0, 0xA2 DH RSA AES-CCM8(128)
AEAD
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES-256-CCM-AEAD 0xC0, 0x9F DH RSA AES-CCM(256)
AEAD
DHE-RSA-AES-256-CCM8-AEAD 0xC0, 0xA3 DH RSA AES-CCM8(256)
AEAD
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA [...]
10.13.100.116 618
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 619
DHE-RSA-AES-128-CCM8-AEAD 0xC0, 0xA2 DH RSA AES-CCM8(128)
AEAD
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES-256-CCM-AEAD 0xC0, 0x9F DH RSA AES-CCM(256)
AEAD
DHE-RSA-AES-256-CCM8-AEAD 0xC0, 0xA3 DH RSA AES-CCM8(256)
AEAD
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA [...]
10.13.100.116 620
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 621
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 622
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 623
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 624
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 625
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128)
SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) [...]
10.13.100.116 626
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 627
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 628
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 629
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 630
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 631
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 632
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 633
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128)
SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) [...]
10.13.100.116 634
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 635
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128)
SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128)
SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) [...]
10.13.100.116 636
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 637
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 638
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.116 639
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 640
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 641
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 642
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 643
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 644
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 645
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 646
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 647
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 648
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 649
Plugin Output
tcp/25/smtp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
10.13.100.116 650
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 651
Plugin Output
tcp/110/pop3
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 652
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 653
Plugin Output
tcp/143/imap
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 654
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 655
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 656
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 657
Plugin Output
tcp/465/smtp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
10.13.100.116 658
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 659
Plugin Output
tcp/587/smtp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
10.13.100.116 660
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 661
Plugin Output
tcp/993/imap
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 662
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.116 663
Plugin Output
tcp/995/pop3
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.116 664
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 665
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.116 666
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 667
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 668
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.116 669
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
tcp/465/smtp
10.13.100.116 670
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 671
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
10.13.100.116 672
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
tcp/993/imap
10.13.100.116 673
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
tcp/995/pop3
10.13.100.116 674
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081/ssh
10.13.100.116 675
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.116 676
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
h2
http/1.1
10.13.100.116 677
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 678
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 679
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 680
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/25/smtp
10.13.100.116 681
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/110/pop3
10.13.100.116 682
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/143/imap
10.13.100.116 683
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.116 684
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/465/smtp
10.13.100.116 685
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/587/smtp
10.13.100.116 686
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/993/imap
10.13.100.116 687
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/995/pop3
10.13.100.116 688
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.116 689
10.13.100.116 690
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.116 691
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://10.13.100.116/1JYbPZYBRLrS.html
10.13.100.116 692
10302 - Web Server robots.txt Information Disclosure
Synopsis
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Contents of robots.txt :
User-agent: *
Disallow: /
10.13.100.116 693
10302 - Web Server robots.txt Information Disclosure
Synopsis
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/800/www
Contents of robots.txt :
User-agent: *
Disallow: /
10.13.100.116 694
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.116 695
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.116/
Version : unknown
source : Server: nginx
10.13.100.116 696
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.116/
Version : unknown
source : Server: nginx
10.13.100.116 697
10.13.100.118
0 0 2 1 35
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.118
ly
OS: Arista EOS
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.118 698
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=xeninine
|-Issuer : CN=xeninine
10.13.100.118 699
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=xeninine
10.13.100.118 700
70658 - SSH Server CBC Mode Ciphers Enabled
Synopsis
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker
to recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable
software versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable
CTR or GCM cipher mode encryption.
Risk Factor
Low
VPR Score
6.5
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 32319
CVE CVE-2008-5161
XREF CERT:958563
XREF CWE:200
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 701
The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
aes128-cbc
aes256-cbc
aes128-cbc
aes256-cbc
10.13.100.118 702
39520 - Backported Security Patch Detection (SSH)
Synopsis
Description
Security patches may have been 'backported' to the remote SSH server without changing its version
number.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 703
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
cpe:/o:Arista:EOS
10.13.100.118 704
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.118 705
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.118 706
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
content-length: 99
content-type:text/html
connection:close
cache-control:no-cache, no-store
Response Body :
10.13.100.118 707
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
content-length: 18200
connection:keep-alive
content-type:text/html
Response Body :
10.13.100.118 708
var $temp = $('<input>')
$('body').append($temp)
$temp.val($(element).text()).select()
document.execCommand('copy')
$temp.remove()
}
</script>
<link rel="stylesheet" href="asset/jquery.modal.min.css" />
<link rel="stylesheet" href="asset/flexboxgrid.min.css" type="text/css" />
<link rel="stylesheet" href="asset/fontawesome-pro-5.8.1-web/css/all.css" />
<link rel="icon" type="image/png" href="asset/favicon.png" />
<style type="text/css">
/*-------------
General
-------------*/
html {
font: normal 16px sans-serif;
color: #555;
background-color: #f7f7f7;
}
.wrap {
max-width: 1280px;
}
.row {
text-align: center;
margin: 0 auto;
}
.danger {
color: #d9534f;
}
p {
text-align: center;
padding: 0.5em 1em;
margin: 0;
}
a {
color: inherit;
cursor: pointer;
opacity: 0.9;
}
a:hover {
opacity: 1;
}
a.btn {
text-decoration: none;
color: #fff;
border-radius: 4px;
text-transform: uppercase;
background-color: #cc584c; /* xcp-ng red */
[...]
10.13.100.118 709
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 562 seconds.
10.13.100.118 710
106658 - JQuery Detection
Synopsis
Description
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.118/asset/jquery-3.6.0.min.js
Version : 3.6.0
10.13.100.118 711
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 712
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.118 713
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.118 714
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.118 715
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:03 India Standard Time
Scan duration : 1237 sec
Scan for malware : no
10.13.100.118 716
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
SSH:!:SSH-2.0-OpenSSH_7.4
SSLcert:!:i/CN:xeninines/CN:xeninine
d376a537d3b3500517090e72d7d0d98def74e464
SinFP:!:
P1:B10113:F0x12:W29200:O0204ffff:M1460:
P2:B10113:F0x12:W28960:O0204ffff0402080affffffff4445414401030307:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=22
10.13.100.118 717
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.118 718
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 7.4
10.13.100.118 719
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
diffie-hellman-group14-sha1
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
10.13.100.118 720
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
hmac-sha1
hmac-sha2-256
hmac-sha2-512
hmac-sha1
hmac-sha2-256
hmac-sha2-512
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.118 721
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 722
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
- 1.99
- 2.0
10.13.100.118 723
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
10.13.100.118 724
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 725
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.118 726
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Serial Number: 00 BA 36 68 3A 76 8D 53 52
Version: 3
10.13.100.118 727
9B BC 3F F2 57 5D 61 8C 82 45 48 5F 6A 19 07 31 DD FB 80 D4
48 D0 A6 7C 0F B3 FE 63 90 BE 3B 91 81 E1 AC 1A 23
Exponent: 01 00 01
10.13.100.118 728
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
10.13.100.118 729
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.118 730
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.118 731
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.118 732
62563 - SSL Compression Methods Supported
Synopsis
The remote service supports one or more compression methods for SSL connections.
Description
This script detects which compression methods are supported by the remote service for SSL connections.
See Also
http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml
https://tools.ietf.org/html/rfc3749
https://tools.ietf.org/html/rfc3943
https://tools.ietf.org/html/rfc5246
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
DEFLATE (0x01)
10.13.100.118 733
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
10.13.100.118 734
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.118 735
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.118 736
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.118 737
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.118 738
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.118 739
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.118 740
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.118 741
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.118 742
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.118 743
10.13.100.118 744
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.118 745
10.13.100.119
0 0 3 0 48
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.119
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
10194 - HTTP Proxy POST Request Relaying
Synopsis
se
Interactive sessions can be open through the HTTP proxy.
lU
Description
POST http://cvs.nessus.org:21
ia
This request may give an attacker the ability to have an interactive session.
Tr
This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 23
(telnet) using your proxy, or it can allow internal users to bypass the firewall rules and connect to ports they
should not be allowed to.
In addition to that, your proxy may be used to perform attacks against other networks.
r
Solution
Fo
Reconfigure your proxy so that only the users of the internal network can use it, and so that it can not
connect to dangerous ports (1-1024).
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
10.13.100.119 746
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/3128/http_proxy
10.13.100.119 747
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.119 748
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=api.lotusdew.in
|-Not After : Mar 06 05:18:56 2023 GMT
10.13.100.119 749
15901 - SSL Certificate Expiry
Synopsis
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and
reports whether any have already expired.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=api.lotusdew.in
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Dec 6 05:18:57 2022 GMT
Not valid after : Mar 6 05:18:56 2023 GMT
10.13.100.119 750
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.119 751
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.119 752
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each
directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the
response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access
GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed
unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web
applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if
it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any
security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7000/www
10.13.100.119 753
Based on the response to an OPTIONS request :
10.13.100.119 754
10192 - HTTP Proxy CONNECT Request Relaying
Synopsis
An HTTP proxy running on the remote host can be used to establish interactive sessions.
Description
CONNECT http://cvs.example.org:23
This request gives the person who made it the ability to have an interactive session with a third-party site.
This issue may allow attackers to bypass your firewall by connecting to sensitive ports such as 23 (telnet)
via the proxy, or it may allow internal users to bypass the firewall rules and connect to ports or sites they
should not be allowed to.
In addition, your proxy may be used to perform attacks against other networks.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
10.13.100.119 755
10195 - HTTP Proxy Open Relay Detection
Synopsis
Description
The remote web proxy accepts unauthenticated HTTP requests from the Nessus scanner. By routing
requests through the affected proxy, a user may be able to gain some degree of anonymity while browsing
websites, which will see requests as originating from the remote host itself rather than the user's host.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
10.13.100.119 756
11305 - HTTP Proxy Open gopher:// Request Relaying
Synopsis
Description
Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-
compatible software is generally less audited and more likely to contain security bugs than others.
By making gopher requests, an attacker may evade your firewall settings, by making connections to port
70, or may even exploit arcane flaws in this protocol to gain more privileges on this host.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
10.13.100.119 757
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.18.0 (Ubuntu)
10.13.100.119 758
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/3128/http_proxy
squid/5.2
10.13.100.119 759
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.13.100.119 760
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.119 761
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
Server: squid/5.2
Mime-Version: 1.0
Date: Mon, 09 Oct 2023 09:28:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3515
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from esign-HVM-domU
X-Cache-Lookup: NONE from esign-HVM-domU:3128
Via: 1.1 esign-HVM-domU (squid/5.2)
Connection: close
Response Body :
10.13.100.119 762
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
/*
* Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/
/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/
/* Page basics */
* {
font-family: verdana, sans-serif;
}
html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}
/* initial title */
#titles h1 {
color: #000000;
}
#titles h2 {
color: #000000;
}
/* General text */
p {
}
/* [...]
10.13.100.119 763
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7000/www
Location: https://www.lotusdew.in/
Content-Length: 0
Date: Mon, 09 Oct 2023 09:28:46 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Response Body :
10.13.100.119 764
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 563 seconds.
10.13.100.119 765
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.119 766
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.119 767
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.119 768
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
10.13.100.119 769
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/7000/www
10.13.100.119 770
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.119 771
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:06 India Standard Time
Scan duration : 1012 sec
Scan for malware : no
10.13.100.119 772
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.119 773
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.119 774
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 8.9p1
Distribution : ubuntu-3ubuntu0.3
10.13.100.119 775
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.119 776
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.119 777
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.119 778
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
- 1.99
- 2.0
10.13.100.119 779
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.119 780
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.119 781
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.119 782
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 64 83 AA D5 8D 54 D3 70 39 F5 F8 A3 4C B4 4E 3A 48
Version: 3
10.13.100.119 783
49 8E 45 A3 95 F3 80 21 44 BA 95 FA 3E 7A 82 B0 55 BE E9 C0
D5 A0 5B AB D1 39 FA 92 05 CB 4D D6 ED 4B 70 3B 8D 26 1B 55
67 04 D6 4D D0 40 1A F2 23 EC 2D 97 79 1D 6B 74 5B 2A C0 09
DD 63 15 71 F3 34 FE A4 50 3F 48 3C 97 CB 78 E0 0D
Exponent: 01 00 01
10.13.100.119 784
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.119 785
Plugin Output
tcp/443/www
10.13.100.119 786
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.119 787
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.119 788
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.119 789
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.119 790
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.119 791
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.119 792
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.119 793
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.119 794
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
tcp/3128/http_proxy
10.13.100.119 795
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7000/www
10.13.100.119 796
91459 - SolarWinds Server & Application Monitor (SAM) Detection
Synopsis
A server and application performance monitoring solution is running on the remote host.
Description
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution,
is running on the remote host.
See Also
https://www.solarwinds.com/server-application-monitor
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
URL : http://10.13.100.119:3128/
Version : unknown
10.13.100.119 797
49692 - Squid Proxy Version Detection
Synopsis
It was possible to obtain the version number of the remote Squid proxy server.
Description
The remote host is running the Squid proxy server, an open source proxy server. It was possible to read the
version number from the banner.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3128/http_proxy
URL : http://10.13.100.119:3128/
Version : 5.2
Source : Server: squid/5.2
10.13.100.119 798
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.119 799
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.119 800
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.119 801
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.119 802
10.13.100.119 803
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.119 804
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.119 805
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.119/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.119 806
10.13.100.120
0 0 0 0 7
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.120
ly
OS: iPhone or iPad
On
Vulnerabilities
54615 - Device Type
Synopsis
se
It is possible to guess the remote device type.
lU
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
ia
Solution
n/a
Tr
Risk Factor
None
Plugin Information
r
Plugin Output
tcp/0
10.13.100.120 807
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/62078
10.13.100.120 808
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.120 809
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:13 India Standard Time
Scan duration : 346 sec
Scan for malware : no
10.13.100.120 810
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.120 811
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/62078
10.13.100.120 812
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.120 813
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.120 814
10.13.100.125
0 0 3 1 37
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.125
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
18405 - Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
se
It may be possible to get access to the remote host.
lU
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-
the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption
with the client and server without being detected. A MiTM attack of this nature would allow the attacker to
ia
This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. Any attacker in
Tr
a privileged network location can use the key for this attack.
See Also
http://www.nessus.org/u?8033da0d
r
Solution
Fo
- Force the use of SSL as a transport layer for this service if supported, or/and
- On Microsoft Windows operating systems, select the 'Allow connections only from computers running
Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
10.13.100.125 815
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
VPR Score
2.5
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 13818
CVE CVE-2005-1794
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 816
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.125 817
Plugin Information
Plugin Output
tcp/3389/msrdp
|-Subject : CN=ubuntu
|-Issuer : CN=ubuntu
10.13.100.125 818
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/3389/msrdp
|-Subject : CN=ubuntu
10.13.100.125 819
10407 - X Server Detection
Synopsis
Description
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display
graphical applications running on a given host on a remote client.
Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
Solution
Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-
nolisten tcp).
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/6001/x11
10.13.100.125 820
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.125/
Version : 2.4.99
Source : Server: Apache/2.4.41 (Ubuntu)
backported : 1
os : ConvertedUbuntu
10.13.100.125 821
39520 - Backported Security Patch Detection (SSH)
Synopsis
Description
Security patches may have been 'backported' to the remote SSH server without changing its version
number.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.125 822
39521 - Backported Security Patch Detection (WWW)
Synopsis
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version
number.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.125 823
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.125 824
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.125 825
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each
directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the
response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access
GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed
unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web
applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if
it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any
security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.125 826
Based on the response to an OPTIONS request :
10.13.100.125 827
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
Apache/2.4.41 (Ubuntu)
10.13.100.125 828
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
10.13.100.125 829
Last updated: 2016-11-16
See: https://launchpad.net/bugs/1288690
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Ubuntu Default Page: It works</title>
<style type="text/css" media="screen">
* {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
}
body, html {
padding: 3px 3px 3px 3px;
background-color: #D8DBE2;
div.main_page {
position: relative;
display: table;
width: 800px;
margin-bottom: 3px;
margin-left: auto;
margin-right: auto;
padding: 0px 0px 0px 0px;
border-width: 2px;
border-color: #212738;
border-style: solid;
background-color: #FFFFFF;
text-align: center;
}
div.page_header {
height: 99px;
width: 100%;
background-color: #F5F6F7;
}
div.page_header span {
margin: 15px 0px 0px 50px;
font-size: 180%;
font-weight: bold;
}
div.page_header img {
margin: 3px 0px 0px 40px;
div.table_of_contents {
clear: left;
min-width: 200px;
background-color: #FFFFFF;
10.13.100.125 830
text-align: left;
}
div.table_of_contents_item {
clear: left;
width: 100%;
backgroun [...]
10.13.100.125 831
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is -17778 seconds.
10.13.100.125 832
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.125 833
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.125 834
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 835
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/6001/x11
10.13.100.125 836
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.125 837
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:17 India Standard Time
Scan duration : 459 sec
Scan for malware : no
10.13.100.125 838
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.125 839
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.125 840
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 8.2p1
Distribution : ubuntu-4ubuntu0.9
10.13.100.125 841
10940 - Remote Desktop Protocol Service Detection
Synopsis
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a
local user on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the
remote host. An attacker may also use this service to mount a dictionary attack against the remote host to
try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 842
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.125 843
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.125 844
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.125 845
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
- 1.99
- 2.0
10.13.100.125 846
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.125 847
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.125 848
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 849
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
Subject Name:
Issuer Name:
Serial Number: 17 6B CD D6 DD 79 21 06 75 E4 9E 77 BE CF A9 A2 53 31 58 79
Version: 3
10.13.100.125 850
77 91 BB 11 9B D6 49 C6 C5 50 2B 02 F9 22 F5 9E CC 77 9D 7C
79 1D B2 01 0E 49 E9 C7 E0 87 5A B4 7E 45 7A A0 2B
Exponent: 01 00 01
10.13.100.125 851
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.125 852
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.125 853
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 854
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128)
SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA [...]
10.13.100.125 855
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.125 856
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.125 857
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.125 858
Plugin Output
tcp/3389/msrdp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.125 859
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.125 860
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.125 861
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.125 862
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.125 863
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.125 864
10.13.100.125 865
64814 - Terminal Services Use SSL/TLS
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
Subject Name:
Issuer Name:
Serial Number: 17 6B CD D6 DD 79 21 06 75 E4 9E 77 BE CF A9 A2 53 31 58 79
Version: 3
10.13.100.125 866
77 91 BB 11 9B D6 49 C6 C5 50 2B 02 F9 22 F5 9E CC 77 9D 7C
79 1D B2 01 0E 49 E9 C7 E0 87 5A B4 7E 45 7A A0 2B
Exponent: 01 00 01
10.13.100.125 867
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.125 868
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.125 869
10.13.100.126
0 0 0 0 2
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.126
ly
Vulnerabilities
On
19506 - Nessus Scan Information
Synopsis
Description
se
lU
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
10.13.100.126 870
Plugin Information
Plugin Output
tcp/0
10.13.100.126 871
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
10.13.100.126 872
An error was detected along the way.
10.13.100.126 873
ttl was greater than 50 - Completing Traceroute.
? [...]
10.13.100.126 874
10.13.100.131
0 0 2 0 38
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.131
ly
OS: Nutanix
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.131 875
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 876
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 877
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.131 878
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.131 879
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: /signin
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Date: Mon, 09 Oct 2023 09:53:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Response Body :
10.13.100.131 880
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: /signin
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Date: Mon, 09 Oct 2023 09:54:25 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Response Body :
10.13.100.131 881
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.131 882
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.131 883
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 884
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.131 885
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:22 India Standard Time
Scan duration : 1379 sec
Scan for malware : no
10.13.100.131 886
42823 - Non-compliant Strict Transport Security (STS)
Synopsis
Description
The remote web server implements Strict Transport Security. However, it does not respect all the
requirements of the STS draft standard.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.131 887
42823 - Non-compliant Strict Transport Security (STS)
Synopsis
Description
The remote web server implements Strict Transport Security. However, it does not respect all the
requirements of the STS draft standard.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 888
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.131 889
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.131 890
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 8.4p1
Distribution : debian-5+deb11u2
10.13.100.131 891
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.131 892
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.131 893
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.131 894
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.131 895
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.131 896
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 897
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 898
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 899
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Country: AU
State/Province: Some-State
Organization: Internet Widgits Pty Ltd
Issuer Name:
Country: AU
State/Province: Some-State
Organization: Internet Widgits Pty Ltd
Serial Number: 57 7A 4C 29 B0 67 4A 4E EF 98 4D A7 B9 B3 3A 79 CF C0 C7 2A
Version: 3
10.13.100.131 900
7F 8B E0 15 45 77 46 14 23 88 E5 03 5F 8C 65 C2 06 A2 BB 5A
38 67 8B 8D 20 C7 72 29 03 9F C0 2F A2 81 46 32 B7 9A AF 17
72 4B A8 27 ED A4 12 D6 53 0D 4A 90 37 45 2B 41 7F AC E5 6E
F9 6D AE EC A1 1A 6D BD 6C 20 D1 33 83 D8 74 BA E7 CE CE DA
E5 FB 5C CB 04 A6 14 A7 E8 BE 78 A7 4E 06 7C 7A 5F 8D 9E 3B
12 03 E6 D4 D8 7A 4A 0B DD 3A 20 E5 1E 48 50 F8 75
Exponent: 01 00 01
10.13.100.131 901
159544 - SSL Certificate with no Common Name
Synopsis
Description
The remote system is providing an SSL/TLS certificate without a subject common name field. While this is
not required in all cases, it is recommended to ensure broad compatibility.
See Also
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Country: AU
State/Province: Some-State
Organization: Internet Widgits Pty Ltd
Issuer Name:
Country: AU
State/Province: Some-State
Organization: Internet Widgits Pty Ltd
Serial Number: 57 7A 4C 29 B0 67 4A 4E EF 98 4D A7 B9 B3 3A 79 CF C0 C7 2A
Version: 3
10.13.100.131 902
Key Length: 2048 bits
Public Key: 00 94 20 89 4D 39 85 5A 33 33 9D DF C3 62 AC 7C 17 BE B2 FB
55 4F 9A EF 96 BD FE B3 70 3D 7E E0 81 E9 2C 5B 1A 90 41 18
2E B3 33 B6 C4 98 8C 30 3C CD EC E1 B8 37 BE 19 7B 3B 67 A0
4E 92 2D A9 68 8F BD 78 32 5C 6B AF B2 C6 6E B7 43 69 E7 96
D2 FE C9 72 37 85 4F 7B 9F 18 E5 36 73 B6 11 B5 3C 99 06 2D
B5 82 4C E5 6C D7 B5 07 D8 82 B4 23 13 16 AC 4C 09 82 4E 28
B8 8B A6 8C 4E CB BD 43 FD 48 D1 AF 1A D4 91 8F 48 D3 53 E9
7F 8B E0 15 45 77 46 14 23 88 E5 03 5F 8C 65 C2 06 A2 BB 5A
38 67 8B 8D 20 C7 72 29 03 9F C0 2F A2 81 46 32 B7 9A AF 17
72 4B A8 27 ED A4 12 D6 53 0D 4A 90 37 45 2B 41 7F AC E5 6E
F9 6D AE EC A1 1A 6D BD 6C 20 D1 33 83 D8 74 BA E7 CE CE DA
E5 FB 5C CB 04 A6 14 A7 E8 BE 78 A7 4E 06 7C 7A 5F 8D 9E 3B
12 03 E6 D4 D8 7A 4A 0B DD 3A 20 E5 1E 48 50 F8 75
Exponent: 01 00 01
10.13.100.131 903
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.131 904
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.131 905
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 906
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
RSA-AES-128-CCM-AEAD 0xC0, 0x9C RSA RSA AES-CCM(128)
AEAD
RSA-AES-128-CCM8-AEAD 0xC0, 0xA0 RSA RSA AES-CCM8(128)
AEAD
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128)
SHA256
RSA-AES-256-CCM-AEAD 0xC0, 0x9D RSA RSA AES-CCM(256)
AEAD
RSA-AES-256-CCM8-AEAD 0xC0, 0xA1 RSA RSA AES-CCM8(256)
AEAD
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA [...]
10.13.100.131 907
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.131 908
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.131 909
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 910
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.131 911
Plugin Output
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.131 912
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.131 913
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.131 914
42822 - Strict Transport Security (STS) Detection
Synopsis
Description
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as
'secure' and to close the connection in the event of potentially insecure situations.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.131 915
42822 - Strict Transport Security (STS) Detection
Synopsis
Description
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as
'secure' and to close the connection in the event of potentially insecure situations.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 916
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.131 917
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.131 918
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.131 919
10.13.100.131 920
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.131 921
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
http://10.13.100.131/VPFcQO9qr8e0.html
10.13.100.131 922
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
https://10.13.100.131/VPFcQO9qr8e0.html
10.13.100.131 923
10.13.100.137
0 0 0 0 2
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.137
ly
Vulnerabilities
On
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
se
lU
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
ia
Solution
Tr
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
r
Fo
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
10.13.100.137 924
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 35844 seconds.
10.13.100.137 925
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.137 926
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:24 India Standard Time
Scan duration : 528 sec
Scan for malware : no
10.13.100.137 927
10.13.100.139
0 0 1 0 55
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.139
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.139 928
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 929
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.139 930
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.139 931
62351 - Erlang Port Mapper Daemon Detection
Synopsis
Description
The remote host is running Erlang Port Mapper Daemon, which acts as a name server on all hosts involved
in distributed Erlang computations.
See Also
http://erlang.org/doc/man/epmd.html
http://erlang.org/doc/apps/erts/erl_dist_protocol.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4369/epmd
brokeragenode (35833/tcp)
10.13.100.139 932
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.18.0 (Ubuntu)
10.13.100.139 933
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4000/www
Cowboy
10.13.100.139 934
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8000/www
Cowboy
10.13.100.139 935
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/9000/www
Cowboy
10.13.100.139 936
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/32000/www
Cowboy
10.13.100.139 937
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.139 938
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.139 939
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.139 940
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.139 941
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.13.100.139 942
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.139 943
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.139 944
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="HQ0xEwsgGDQZHG8RIBR2figyPCUKBgwcZoibxj-qHx5DGvFNwJmAN_Zh">
<title data-suffix=" · Lotusdew Securities">BrokerWeb · Lotusdew Securities</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<body>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<div class="login-container">
<!--<div class="login-left">
<img src = "/images/login.png" class="login-img" />
</div> !-->
<div class="login-right">
<h3 class="login-header">Welcome Back</h3>
<div class="login-content">
<div class="card-cont">
<form action="/" method="post"><input name="_csrf_token" type="hidden" hidden
value="HQ0xEwsgGDQZHG8RIBR2figyPCUKBgwcZoibxj-qHx5DGvFNwJmAN_Zh">
10.13.100.139 945
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
Response Body :
10.13.100.139 946
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
Response Body :
10.13.100.139 947
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="W21KBHUCHTkjAkRKMwgGOQFAEXQFFjMrj996EiYNje68gkqRu-wLqBC_">
<title data-suffix=" · Phoenix Framework">Chart · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/css/app.css">
<script defer phx-track-static type="text/javascript" src="/js/app.js"></script>
</head>
<body>
<header>
<h2 style="text-align: center;">Candle Demo</h2>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix">Source</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix/blob/v1.6/CHANGELOG.md">v1.6
Changelog</a>
</li>
</ul>
</article>
<article class="column">
<h2>Help</h2>
<ul>
<li>
[...]
10.13.100.139 948
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.139 949
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="Lll-ZgJAPzobLy8QMS06MkJlPgceDTE4v2N_p-u_ajEghlTC-HxOQUPl" name="csrf-token">
<title data-suffix=" · Phoenix Framework">TradeBook · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src="/images/phoenix.png" alt="Phoenix Framework Logo">
</a>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https:/ [...]
10.13.100.139 950
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.139 951
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="a0U3RQwbLCguElMzOHMqaQYicQ0BLSgS42B7ViGfXagZrDePcA6fXggc" name="csrf-token">
<title data-suffix=" · Phoenix Framework">TestApi · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src="/images/phoenix.png" alt="Phoenix Framework Logo">
</a>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https://g [...]
10.13.100.139 952
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
10.13.100.139 953
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.139 954
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 955
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.139 956
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4369/epmd
10.13.100.139 957
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.139 958
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5555
10.13.100.139 959
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.139 960
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.139 961
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.139 962
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.139 963
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:25 India Standard Time
Scan duration : 1183 sec
Scan for malware : no
10.13.100.139 964
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.139 965
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 966
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=airalgo.com
|-Not After : Nov 14 05:31:50 2023 GMT
10.13.100.139 967
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=airalgo.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 16 05:31:51 2023 GMT
Not valid after : Nov 14 05:31:50 2023 GMT
10.13.100.139 968
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 10 BB 2B 02 31 D3 90 37 0A 53 0B EF 2F 52 C3 19 B6
Version: 3
10.13.100.139 969
28 DA E0 EA 05 E0 5B 7C 7B 9A 0A 08 0F 55 EF 81 8A CF F9 86
01 F0 D5 D5 86 1A 34 8A A2 2B 5E 7C E3 59 5F A8 1C 7C 56 12
78 FA 65 22 CD 5C 8D 69 67 2D 59 85 24 C0 92 8E 65 9A 5A DD
58 D3 99 FA C6 26 74 1C CC 9A 4E A0 10 04 67 83 A9
Exponent: 01 00 01
10.13.100.139 970
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.139 971
Plugin Output
tcp/443/www
10.13.100.139 972
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 973
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.139 974
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.139 975
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.139 976
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 977
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.139 978
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.139 979
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.139 980
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.139 981
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.139 982
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.139 983
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.139 984
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.139 985
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.139 986
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.139 987
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.139 988
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.139 989
11765 - UPnP TCP Helper Detection
Synopsis
Description
If the tested network is not a home network, you should disable this service.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.139 990
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5555
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :
Port : 5555
Type : get_http
Banner :
0x00: 68 69 73 74 6F 72 79 20 6F 66 20 6C 74 20 6E 6F history of lt no
0x10: 74 20 66 6F 75 6E 64 20 66 6F 72 20 74 68 69 73 t found for this
0x20: 20 74 6F 6B 65 6E token
10.13.100.139 991
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.139 992
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.139/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.139 993
10.13.100.140
0 0 0 0 29
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.140
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
45590 - Common Platform Enumeration (CPE)
Synopsis
se
It was possible to enumerate CPE names that matched on the remote system.
lU
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
ia
See Also
Tr
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
r
Solution
Fo
n/a
Risk Factor
None
Plugin Information
Plugin Output
10.13.100.140 994
tcp/0
10.13.100.140 995
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.140 996
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: /signin
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Date: Mon, 09 Oct 2023 09:54:09 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Response Body :
10.13.100.140 997
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 562 seconds.
10.13.100.140 998
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.140 999
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.140 1000
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/111/rpc-portmapper
10.13.100.140 1001
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.140 1002
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:31 India Standard Time
Scan duration : 464 sec
Scan for malware : no
10.13.100.140 1003
42823 - Non-compliant Strict Transport Security (STS)
Synopsis
Description
The remote web server implements Strict Transport Security. However, it does not respect all the
requirements of the STS draft standard.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.140 1004
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.140 1005
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.140 1006
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 8.9p1
Distribution : ubuntu-3ubuntu0.3
10.13.100.140 1007
11111 - RPC Services Enumeration
Synopsis
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services
running on the remote port. Using this information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/111/rpc-portmapper
10.13.100.140 1008
11111 - RPC Services Enumeration
Synopsis
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services
running on the remote port. Using this information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/111/rpc-portmapper
10.13.100.140 1009
53335 - RPC portmapper (TCP)
Synopsis
Description
The portmapper allows someone to get the port number of each RPC service running on the remote host
by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/111/rpc-portmapper
10.13.100.140 1010
10223 - RPC portmapper Service Detection
Synopsis
Description
The portmapper allows someone to get the port number of each RPC service running on the remote host
by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
0.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0632
Plugin Information
Plugin Output
udp/111/rpc-portmapper
10.13.100.140 1011
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.140 1012
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.140 1013
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.140 1014
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
- 1.99
- 2.0
10.13.100.140 1015
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.140 1016
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.140 1017
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.140 1018
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.140 1019
42822 - Strict Transport Security (STS) Detection
Synopsis
Description
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as
'secure' and to close the connection in the event of potentially insecure situations.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.140 1020
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.140 1021
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.140 1022
10.13.100.140 1023
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.140 1024
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
http://10.13.100.140/Fy81U13HcTTL.html
10.13.100.140 1025
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.140 1026
10.13.100.144
0 0 0 0 23
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.144
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
45590 - Common Platform Enumeration (CPE)
Synopsis
se
It was possible to enumerate CPE names that matched on the remote system.
lU
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
ia
See Also
Tr
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
r
Solution
Fo
n/a
Risk Factor
None
Plugin Information
Plugin Output
10.13.100.144 1027
tcp/0
10.13.100.144 1028
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.144 1029
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4000/www
Cowboy
10.13.100.144 1030
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.144 1031
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.144 1032
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="NHIKZwBfICt6OBokUgUhHxk0Mw8OKgx_mKSR79kaLBtGgFOxmbugjpO2">
<title data-suffix=" · Phoenix Framework">CrmUpdated · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
<script src="https://cdn.tiny.cloud/1/8tdyc9vrq6iqtd6sdt80jjjls941wgc3wa22q7431mamo46d/
tinymce/5/tinymce.min.js"></script>
</head>
<body>
<main class="main-container">
<p class="alert alert-info" role="alert" phx-click="lv:clear-flash" phx-value-key="info"></p>
10.13.100.144 1033
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 563 seconds.
10.13.100.144 1034
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.144 1035
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.144 1036
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.144 1037
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:33 India Standard Time
Scan duration : 639 sec
Scan for malware : no
10.13.100.144 1038
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.144 1039
117886 - OS Security Patch Assessment Not Available
Synopsis
Description
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment.
Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is
not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks
Not Supported' will report concurrently with this plugin.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0515
Plugin Information
Plugin Output
tcp/0
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.13.100.144 1040
181418 - OpenSSH Detection
Synopsis
Description
See Also
https://www.openssh.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
Path : /
Version : 8.9p1
Distribution : ubuntu-3ubuntu0.4
10.13.100.144 1041
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
10.13.100.144 1042
chacha20-poly1305@openssh.com
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
none
zlib@openssh.com
none
zlib@openssh.com
10.13.100.144 1043
149334 - SSH Password Authentication Accepted
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc4252#section-8
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.144 1044
10881 - SSH Protocol Versions Supported
Synopsis
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
- 1.99
- 2.0
10.13.100.144 1045
153588 - SSH SHA-1 HMAC Algorithms Enabled
Synopsis
Description
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered
secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to
collisions.
Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are
supported :
hmac-sha1
hmac-sha1-etm@openssh.com
10.13.100.144 1046
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.144 1047
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22/ssh
10.13.100.144 1048
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.144 1049
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.144 1050
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the
scan policy.
Description
Nessus was not able to successfully authenticate directly to the remote target on an available
authentication protocol. Nessus was able to connect to the remote port and identify that the service
running on the port supports an authentication protocol, but Nessus failed to authenticate to the
remote service using the provided credentials. There may have been a protocol failure that prevented
authentication from being attempted or all of the provided credentials for the authentication protocol may
be invalid. See plugin output for error details.
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and
not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were
provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the
value of successful authentication for a given protocol may vary from target to target depending upon what
data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is
more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is
more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0504
Plugin Information
Plugin Output
tcp/0
10.13.100.144 1051
10.13.100.144 1052
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.144 1053
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.144 1054
10.13.100.147
0 0 1 0 83
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.147
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.147 1055
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1056
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1057
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1058
62351 - Erlang Port Mapper Daemon Detection
Synopsis
Description
The remote host is running Erlang Port Mapper Daemon, which acts as a name server on all hosts involved
in distributed Erlang computations.
See Also
http://erlang.org/doc/man/epmd.html
http://erlang.org/doc/apps/erts/erl_dist_protocol.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4369/epmd
brokeragenode (41615/tcp)
rmsnode (44905/tcp)
10.13.100.147 1059
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1060
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.22.0 (Ubuntu)
10.13.100.147 1061
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx/1.22.0 (Ubuntu)
10.13.100.147 1062
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4000/www
Cowboy
10.13.100.147 1063
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4001/www
Cowboy
10.13.100.147 1064
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4040/www
Cowboy
10.13.100.147 1065
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/4080/www
Cowboy
10.13.100.147 1066
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8000/www
Cowboy
10.13.100.147 1067
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8001/www
Cowboy
10.13.100.147 1068
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/9000/www
Cowboy
10.13.100.147 1069
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/32000/www
Cowboy
10.13.100.147 1070
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.147 1071
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4001/www
10.13.100.147 1072
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4040/www
10.13.100.147 1073
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4080/www
10.13.100.147 1074
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.147 1075
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8001/www
10.13.100.147 1076
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.147 1077
85805 - HTTP/2 Cleartext Detection
Synopsis
Description
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).
See Also
https://http2.github.io/
https://tools.ietf.org/html/rfc7540
https://github.com/http2/http2-spec
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.147 1078
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
10.13.100.147 1079
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.147 1080
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1081
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="I197SCY7eS5NGBYmC0AidBwSKAg0AlZCor-ykq-mzntNhuQEzfKas59p" name="csrf-token">
<title>Lotusdew Securities</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
<style>
@import url('https://fonts.googleapis.com/css2?family=Play&display=swap');
</style>
</head>
<body>
<!-- <header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src={Routes.static_path(@conn, "/images/phoenix.png")} alt="Phoenix Framework Logo"/>
</a>
</section>
</header> -->
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<div class="navbar-container">
<div class="logo-container">
<div class="logo-img-container">
<a href="/">
<img src="/images/logo-dark.png">
</a>
</div>
<div class="logo-name-conta [...]
10.13.100.147 1082
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1083
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="Gxw6CwtyHigDdzFoAQQOWhs3F3MQHzduCWuFa4Ixj-c7cTd7TcAKfjN7">
<title data-suffix=" · Lotusdew Securities">BrokerWeb · Lotusdew Securities</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<body>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<div class="login-container">
<!--<div class="login-left">
<img src = "/images/login.png" class="login-img" />
</div> !-->
<div class="login-right">
<h3 class="login-header">Welcome Back</h3>
<div class="login-content">
<div class="card-cont">
<form action="/" method="post"><input name="_csrf_token" type="hidden" hidden
value="Gxw6CwtyHigDdzFoAQQOWhs3F3MQHzduCWuFa4Ixj-c7cTd7TcAKfjN7">
10.13.100.147 1084
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4001/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1085
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="XQwoAhADLnVTDjRDcxAJJFE4QT4qfCkK-mkhsfI07BGsB_OtgN2uO0GI">
<title data-suffix=" · Phoenix Framework">Adminstrator · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
</header>
<body>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="h-screen">
<div class="px-6 h-full text-gray-800">
<div class="flex xl:justify-center lg:justify-between justify-center items-center flex-wrap h-full
g-6">
<div class="xl:ml-20 xl:w-5/12 lg:w-5/12 md:w-8/12 mb-12 md:mb-0">
<p class="text-lg mb-0 mr-4">Log in</p>
<form action="/login" method="post"><input name="_csrf_token" type="hidden"
value="XQwoAhADLnVTDjRDcxAJJFE4QT4qfCkK-mkhsfI07BGsB_OtgN2uO0GI">
<div class="mb-6">
<input class="form-control block w-full px-4 py-2 text-xl font-normal text-gray-700 bg-white bg-
clip-padding border border-solid border-gray-300 rounded transition ease-in-out m-0 focus:text-
gray-700 focus:bg-white focus:border-blue-600 focus:outline-none" id="user_phone [...]
10.13.100.147 1086
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4040/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1087
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="AVwnNTwSEiJcRigITxM8ZTIqWD46dw8MQoTjeDBmhrOW9qMTENljI-yA">
<title data-suffix=" · Phoenix Framework">Pstream · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<h1>Price Streamer</h1>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<form action="/session" method="post"><input name="_csrf_token" type="hidden"
value="AVwnNTwSEiJcRigITxM8ZTIqWD46dw8MQoTjeDBmhrOW9qMTENljI-yA">
<label>
Phone: <input class="qa-session-phone" id="phone" name="phone" type="text">
</label>
<button class="qa-session-submit" type="submit">Submit</button>
</form>
</main>
</body>
</html>
10.13.100.147 1088
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4080/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1089
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="AmIeAh0-CS9jcUcwMGctAztpPyUgYykIQ0A5tRjg582iJWH4yDvnw9DY" name="csrf-token">
<title>Lotusdew Securities</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
<style>
@import url('https://fonts.googleapis.com/css2?family=Play&display=swap');
</style>
</head>
<body>
<!-- <header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src={Routes.static_path(@conn, "/images/phoenix.png")} alt="Phoenix Framework Logo"/>
</a>
</section>
</header> -->
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<div class="navbar-container">
<div class="logo-container">
<div class="logo-img-container">
<a href="/">
<img src="/images/logo-dark.png">
</a>
</div>
<div class="logo-name-container">
<a hre [...]
10.13.100.147 1090
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
Response Body :
10.13.100.147 1091
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="ATY5fg4pLSdTKhMVBCEqLC8eABIBOA4WtAR5ybcIfXpmlPmHZDpCVlTo">
<title data-suffix=" · Phoenix Framework">Chart · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/css/app.css">
<script defer phx-track-static type="text/javascript" src="/js/app.js"></script>
</head>
<body>
<header>
<h2 style="text-align: center;">Candle Demo</h2>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix">Source</a>
</li>
<li>
<a href="https://github.com/phoenixframework/phoenix/blob/v1.6/CHANGELOG.md">v1.6
Changelog</a>
</li>
</ul>
</article>
<article class="column">
<h2>Help</h2>
<ul>
<li>
[...]
10.13.100.147 1092
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8001/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1093
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="OSEaEDR0Jy4EVDNaAUNqbhgbBDIOBQorMTXSuAKeplUn0004TTnCzpgF">
<title data-suffix=" · Phoenix Framework">RMSWeb · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src="/images/phoenix.png" alt="Phoenix Framework Logo">
</a>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<div data-phx-
session="SFMyNTY.g2gDaAJhBXQAAAAIZAACaWRtAAAAFHBoeC1GNHh2OFFvWkFianBfbGhCZAAMbGl2ZV9zZXNzaW9uZAADbmlsZAAKcGFyZW50X
[...]
10.13.100.147 1094
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1095
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="BXE0NzJCPjh6C2gjXTRgGAsmKTVeDFcYH6__Jz_j3hEQ9uPkZwZmoa1J" name="csrf-token">
<title data-suffix=" · Phoenix Framework">TradeBook · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src="/images/phoenix.png" alt="Phoenix Framework Logo">
</a>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https:/ [...]
10.13.100.147 1096
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
10.13.100.147 1097
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="QgQ9OERGQhMqByQhKXE-GxZ3PRAGCTcf5aJq04uaFaoQCDmlGZmbpFqW" name="csrf-token">
<title data-suffix=" · Phoenix Framework">TestApi · Phoenix Framework</title>
<link phx-track-static rel="stylesheet" href="/assets/app.css">
<script defer phx-track-static type="text/javascript" src="/assets/app.js"></script>
</head>
<body>
<header>
<section class="container">
<nav>
<ul>
<li><a href="https://hexdocs.pm/phoenix/overview.html">Get Started</a></li>
<li><a href="/dashboard">LiveDashboard</a></li>
</ul>
</nav>
<a href="https://phoenixframework.org/" class="phx-logo">
<img src="/images/phoenix.png" alt="Phoenix Framework Logo">
</a>
</section>
</header>
<main class="container">
<p class="alert alert-info" role="alert"></p>
<p class="alert alert-danger" role="alert"></p>
<section class="phx-hero">
<h1>Welcome to Phoenix!</h1>
<p>Peace of mind from prototype to production</p>
</section>
<section class="row">
<article class="column">
<h2>Resources</h2>
<ul>
<li>
<a href="https://hexdocs.pm/phoenix/overview.html">Guides & Docs</a>
</li>
<li>
<a href="https://g [...]
10.13.100.147 1098
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is 148 seconds.
10.13.100.147 1099
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.147 1100
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1101
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.147 1102
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4001/www
10.13.100.147 1103
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4040/www
10.13.100.147 1104
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4080/www
10.13.100.147 1105
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4369/epmd
10.13.100.147 1106
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.147 1107
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5555
10.13.100.147 1108
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.147 1109
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8001/www
10.13.100.147 1110
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.147 1111
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.147 1112
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1113
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:35 India Standard Time
Scan duration : 12343 sec
Scan for malware : no
10.13.100.147 1114
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1115
10919 - Open Port Re-check
Synopsis
Description
One of several ports that were previously open are now closed or unresponsive.
- An administrator may have stopped a particular service during the scanning process.
- A network outage has been experienced during the scan, and the remote network cannot be reached
anymore by the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion
detection / prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select
denial of service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1116
Port 5555 was detected as being open but is now closed
Port 5000 was detected as being open but is now closed
10.13.100.147 1117
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1118
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire
soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=airalgo.com
|-Not After : Nov 13 20:27:34 2023 GMT
10.13.100.147 1119
42981 - SSL Certificate Expiry - Future Expiry
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=airalgo.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Aug 15 20:27:35 2023 GMT
Not valid after : Nov 13 20:27:34 2023 GMT
10.13.100.147 1120
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 DA 27 DF 9D FB 57 B0 B9 B3 C5 B2 7B 2B D9 D2 8F BC
Version: 3
10.13.100.147 1121
2F 2D 76 56 2B 64 85 EC C7 91 10 72 D8 2C 1F A6 11 FE 42 15
EA D8 15 54 C4 4A B0 0D 60 BA C1 88 F5 08 7C A4 64 51 A9 DD
6B AF 80 16 15 43 DF F3 22 61 8B D0 F2 C2 FA CD B1 75 05 64
63 DE A9 60 9F A5 E4 73 B7 24 5F 03 3C 80 98 7A CD DA 2D 33
7F B1 C7 88 96 AA B5 22 C8 C2 08 0D E8 48 7F A4 D4 65 1D 2D
DB 82 CF 41 9B 46 31 65 FC AD E3 AB 9C FD 68 81 EB 2C C9 13
02 0F 2C C3 82 BF 29 C1 AF 25 3B 5C 08 D7 7D E0 60 94 C0 A3
96 A4 98 74 63 EE 33 24 CC A3 50 C4 D9 0A 6E 20 97 28 D0 19
8B 4C B3 DE D6 FD C8 09 53 7B 99 60 FC 07 66 7C B3 3B 05 84
A8 9D 6F E3 97 3D 72 8F 1E 5C 8D E5 20 35 D0 5A 5B 78 2D 8F
2E 6D 0C 15 05 DF E8 BD 5B 5B 94 96 56 86 83 D7 AB
10.13.100.147 1122
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.147 1123
Plugin Output
tcp/443/www
10.13.100.147 1124
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1125
ECDHE-ECDSA-AES256-SHA384 0xC0, 0x2C ECDH ECDSA AES-GCM(256)
SHA384
ECDHE-ECDSA-CHACHA20-POLY1305 0xCC, 0xA9 ECDH ECDSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.147 1126
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
{Tenable ciphername}
{Cipher ID code}
10.13.100.147 1127
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.147 1128
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1129
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.147 1130
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.147 1131
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.147 1132
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4001/www
10.13.100.147 1133
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4040/www
10.13.100.147 1134
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4080/www
10.13.100.147 1135
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.147 1136
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.147 1137
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8001/www
10.13.100.147 1138
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.147 1139
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.147 1140
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4000/www
10.13.100.147 1141
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4040/www
10.13.100.147 1142
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4080/www
10.13.100.147 1143
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.147 1144
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8000/www
10.13.100.147 1145
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/9000/www
10.13.100.147 1146
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends
when it receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/32000/www
10.13.100.147 1147
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.147 1148
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.147 1149
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.147 1150
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
If you want to test the remote server, either fix it to have it reply
to Nessus' requests in a reasonable amount of time, or enable the
'Perform thorough tests' setting.
10.13.100.147 1151
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.147 1152
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.147/
Version : 1.22.0
os : Ubuntu
source : Server: nginx/1.22.0 (Ubuntu)
10.13.100.147 1153
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.147/
Version : 1.22.0
os : Ubuntu
source : Server: nginx/1.22.0 (Ubuntu)
10.13.100.147 1154
10.13.100.151
0 1 3 1 25
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.151
ly
OS: Linux Kernel 2.6
On
Vulnerabilities
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
se
The remote service supports the use of medium strength SSL ciphers.
lU
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that
uses the 3DES encryption suite.
ia
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
Tr
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
r
Solution
Fo
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
10.13.100.151 1155
VPR Score
6.1
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/7070
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.151 1156
18405 - Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-
the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption
with the client and server without being detected. A MiTM attack of this nature would allow the attacker to
obtain any sensitive information transmitted, including authentication credentials.
This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. Any attacker in
a privileged network location can use the key for this attack.
See Also
http://www.nessus.org/u?8033da0d
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- On Microsoft Windows operating systems, select the 'Allow connections only from computers running
Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
VPR Score
2.5
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
10.13.100.151 1157
BID 13818
CVE CVE-2005-1794
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.151 1158
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
10.13.100.151 1159
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1160
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1161
10407 - X Server Detection
Synopsis
Description
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display
graphical applications running on a given host on a remote client.
Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
Solution
Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-
nolisten tcp).
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/6001/x11
10.13.100.151 1162
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1163
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1164
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
10.13.100.151 1165
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.151 1166
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5555
10.13.100.151 1167
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/6001/x11
10.13.100.151 1168
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1169
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1170
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:39 India Standard Time
Scan duration : 246 sec
Scan for malware : no
10.13.100.151 1171
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1172
10919 - Open Port Re-check
Synopsis
Description
One of several ports that were previously open are now closed or unresponsive.
- An administrator may have stopped a particular service during the scanning process.
- A network outage has been experienced during the scan, and the remote network cannot be reached
anymore by the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion
detection / prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select
denial of service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1173
Port 7070 was detected as being open but is now closed
10.13.100.151 1174
10940 - Remote Desktop Protocol Service Detection
Synopsis
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a
local user on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the
remote host. An attacker may also use this service to mount a dictionary attack against the remote host to
try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389/msrdp
10.13.100.151 1175
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1176
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
Subject Name:
Issuer Name:
Serial Number: 01
Version: 1
10.13.100.151 1177
F9 B8 A7 2C E3 B0 00 2B 8D 2D 34 B9 22 E7 B4 4C 14 43 F5 76
B8 7E 14 95 8E 25 29 9D 86 78 8E 6C B3 D7 7C 65 D7
Exponent: 01 00 01
10.13.100.151 1178
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.151 1179
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.151 1180
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1181
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256)
SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA [...]
10.13.100.151 1182
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
10.13.100.151 1183
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.151 1184
35297 - SSL Service Requests Client Certificate
Synopsis
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1185
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.151 1186
Plugin Output
tcp/7070
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{ex [...]
10.13.100.151 1187
91263 - SSL/TLS Service Requires Client Certificate
Synopsis
The remote service requires an SSL client certificate to establish an SSL/TLS connection.
Description
The remote service encrypts communications using SSL/TLS and requires a client certificate in order to
establish an SSL/TLS connection.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
A TLSv12 server is listening on this port and requires client certificate verification.
10.13.100.151 1188
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1189
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.151 1190
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/7070
10.13.100.151 1191
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.151 1192
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5555
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :
Port : 5555
Type : get_http
Banner :
0x00: 68 69 73 74 6F 72 79 20 6F 66 20 6C 74 20 6E 6F history of lt no
0x10: 74 20 66 6F 75 6E 64 20 66 6F 72 20 74 68 69 73 t found for this
0x20: 20 74 6F 6B 65 6E token
10.13.100.151 1193
66717 - mDNS Detection (Local Network)
Synopsis
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows
anyone to uncover information from the remote host such as its operating system type and exact version,
its hostname, and the list of services it is running.
This plugin attempts to discover mDNS used by hosts residing on the same network segment as Nessus.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/5353/mdns
10.13.100.151 1194
10.13.100.154
0 0 0 0 2
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.154
ly
Vulnerabilities
On
19506 - Nessus Scan Information
Synopsis
Description
se
lU
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
10.13.100.154 1195
Plugin Information
Plugin Output
tcp/0
10.13.100.154 1196
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
10.13.100.154 1197
An error was detected along the way.
10.13.100.154 1198
ttl was greater than 50 - Completing Traceroute.
? [...]
10.13.100.154 1199
10.13.100.159
0 0 2 0 32
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.159
ly
OS: Nutanix
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.159 1200
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
|-Subject : CN=airalgo.com
|-Not After : Feb 11 00:12:35 2023 GMT
10.13.100.159 1201
15901 - SSL Certificate Expiry
Synopsis
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and
reports whether any have already expired.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
Subject : CN=airalgo.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Nov 13 00:12:36 2022 GMT
Not valid after : Feb 11 00:12:35 2023 GMT
10.13.100.159 1202
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.159 1203
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.159 1204
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1205
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/80/www
nginx/1.18.0 (Ubuntu)
10.13.100.159 1206
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/443/www
nginx/1.18.0 (Ubuntu)
10.13.100.159 1207
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/5000/www
gunicorn
10.13.100.159 1208
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Body :
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.13.100.159 1209
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>#$###If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
10.13.100.159 1210
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Body :
10.13.100.159 1211
10.13.100.159 1212
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
Server: gunicorn
Date: Mon, 09 Oct 2023 10:19:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 207
Response Body :
10.13.100.159 1213
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.159 1214
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1215
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.159 1216
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.159 1217
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:44 India Standard Time
Scan duration : 1191 sec
Scan for malware : no
10.13.100.159 1218
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.159 1219
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1220
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 4A 6A 7F 09 FF AE 69 99 A9 EF B1 07 5B B6 47 FA 22
Version: 3
10.13.100.159 1221
3F B5 95 A9 AE D0 CA 58 3F 3A CF FE 31 C7 D8 E8 0F 29 F9 B6
AC CB 1D EF FF 0E AB AC A1 69 9B 8B 8C D1 4B 77 A9 CD CC 60
1D B0 C2 BE 5A 88 8C DF BB 8A 43 10 F1 9B BF 10 30 E3 15 FB
E2 C6 EA B7 AF 40 52 EE 9A 8C 5E 46 C8 0E 68 83 8F
Exponent: 01 00 01
10.13.100.159 1222
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
Synopsis
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
Description
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a
cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are
known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to
generate another certificate with the same digital signature, allowing the attacker to masquerade as the
affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017
as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash
algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in
Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin
35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the
signature, including it being signed using a weak hashing algorithm, are not considered security issues.
See Also
http://www.nessus.org/u?ae636e78
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
Solution
Risk Factor
None
References
BID 11849
BID 33065
XREF CWE:310
Plugin Information
10.13.100.159 1223
Plugin Output
tcp/443/www
10.13.100.159 1224
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1225
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.159 1226
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.159 1227
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.159 1228
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1229
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
10.13.100.159 1230
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
tcp/443/www
10.13.100.159 1231
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.159 1232
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.159 1233
62564 - TLS Next Protocols Supported
Synopsis
The remote service advertises one or more protocols as being supported over TLS.
Description
This script detects which protocols are advertised by the remote service to be encapsulated by TLS
connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service
may be falsely advertising these protocols and / or failing to advertise other supported protocols.
See Also
https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
https://technotes.googlecode.com/git/nextprotoneg.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
http/1.1
10.13.100.159 1234
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
10.13.100.159 1235
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.159 1236
11765 - UPnP TCP Helper Detection
Synopsis
Description
If the tested network is not a home network, you should disable this service.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5000/www
10.13.100.159 1237
10302 - Web Server robots.txt Information Disclosure
Synopsis
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Contents of robots.txt :
# https://www.robotstxt.org/robotstxt.html
User-agent: *
Disallow:
10.13.100.159 1238
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/80/www
URL : http://10.13.100.159/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.159 1239
106375 - nginx HTTP Server Detection
Synopsis
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
See Also
https://nginx.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0677
Plugin Information
Plugin Output
tcp/443/www
URL : https://10.13.100.159/
Version : 1.18.0
os : Ubuntu
source : Server: nginx/1.18.0 (Ubuntu)
10.13.100.159 1240
10.13.100.254
0 0 3 1 32
CRITICAL HIGH MEDIUM LOW INFO
Host Information
IP: 10.13.100.254
ly
OS: FortiOS on Fortinet FortiGate
On
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
se
The SSL certificate for this service cannot be trusted.
lU
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
ia
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
Tr
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
r
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
Fo
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
10.13.100.254 1241
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1242
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote
host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-
middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but
is signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1243
157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and
recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://datatracker.ietf.org/doc/html/rfc8996
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1244
TLSv1.1 is enabled and the server supports at least one cipher.
10.13.100.254 1245
10663 - DHCP Server Detection
Synopsis
The remote DHCP server may expose information about the associated network.
Description
This script contacts the remote DHCP server (if any) and attempts to retrieve information about the
network layout.
Some DHCP servers provide sensitive information such as the NIS domain name, or network layout
information such as the list of the network web servers, and so on.
It does not demonstrate any vulnerability, but a local attacker may use DHCP to become intimately familiar
with the associated network.
Solution
Apply filtering to keep this information off the network and remove any options that are not in use.
Risk Factor
Low
3.3 (CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
udp/67
Nessus gathered the following information from the remote DHCP server :
10.13.100.254 1246
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Plugin Output
tcp/8181/www
URL : https://10.13.100.254:8181/
Version : unknown
Source : Server: Apache
backported : 0
10.13.100.254 1247
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.254 1248
11002 - DNS Server Detection
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available
externally.
Risk Factor
None
Plugin Information
Plugin Output
tcp/53/dns
10.13.100.254 1249
11002 - DNS Server Detection
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available
externally.
Risk Factor
None
Plugin Information
Plugin Output
udp/53/dns
10.13.100.254 1250
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.254 1251
17367 - Fortinet FortiGate Web Console Management Detection
Synopsis
Description
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based
console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make
them change their strategy. In addition to this, an attacker may set up a brute-force attack against the
remote interface.
See Also
https://www.fortinet.com/products/fortigate/
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
The following instance of FortiOS Web Interface was detected on the remote host :
10.13.100.254 1252
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Plugin Output
tcp/8181/www
Apache
10.13.100.254 1253
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Response Body :
10.13.100.254 1254
<p>The document has moved <a href="https://10.13.100.254:8181/ng">here</a>.</p>
</body></html>
10.13.100.254 1255
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-
based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect,
but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
10.13.100.254 1256
11387 - L2TP Network Server Detection
Synopsis
Description
The report host understands the L2TP tunneling protocol and appears to be a VPN endpoint, or more
specifically, an L2TP Network Server.
See Also
https://en.wikipedia.org/wiki/L2TP
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0900
Plugin Information
Plugin Output
udp/1701/l2tp
10.13.100.254 1257
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/53/dns
10.13.100.254 1258
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/541
10.13.100.254 1259
11219 - Nessus SYN scanner
Synopsis
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1260
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.254 1261
Scan policy used : Advanced Scan
Scanner IP : 10.13.100.122
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/9 15:45 India Standard Time
Scan duration : 627 sec
Scan for malware : no
10.13.100.254 1262
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.254 1263
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1264
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Subject Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: FortiGate
Common Name: FGT50E5620014027
Email Address: support@fortinet.com
Issuer Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: support
Email Address: support@fortinet.com
Serial Number: 4D 97 AA
Version: 3
10.13.100.254 1265
Key Length: 2048 bits
Public Key: 00 B2 E1 DD C8 74 00 75 EB 53 D7 8E CA 16 6C CB 5E F5 D9 F6
1C CA D8 A1 0F 0D 79 52 F2 4F FC C1 81 BE 08 38 1B AF 26 76
FB BD 12 79 A7 0B 63 2F DF 9C E5 CA CF 43 2F 55 DC A1 13 0F
13 E8 7E AA 4C 6E C8 99 BB AF 8E 4E 76 31 D6 0A 15 C5 80 BC
27 AA 80 A0 50 C2 1F 16 4D 4E A8 AE 71 B5 10 4E EA 2F 46 2F
AB 51 F0 A8 18 EA 34 1F AC 6B AA 58 75 A1 82 67 54 6A 52 55
AD 99 2B E7 E6 3F 75 57 05 0A 49 04 A6 0A 07 09 95 1E B4 7E
8B D0 9C 32 04 16 EB DA C8 BE B4 B5 E8 A2 C7 F9 63 4C F7 E0
1F 87 0C DF 3C 20 78 23 43 92 E2 09 68 E3 A1 EC 84 EE 90 0D
94 C3 5D 49 8C 1A FA A7 D9 90 18 84 A2 1F 61 B0 A4 FA 25 4B
42 86 C2 3D A0 C2 0C B3 1A 12 E2 EA C4 14 1E 0C DF 76 74 CA
DD 45 B8 B8 8E DB C7 2A 23 55 AF A4 61 48 09 1B 59 4F E1 3D
89 29 B5 8C A1 16 E0 3E 54 3C 39 AE E6 CB 9E 1C E9
Exponent: 01 00 01
10.13.100.254 1266
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks
with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Here is the list of SSL CBC ciphers supported by the remote server :
10.13.100.254 1267
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128)
SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256)
SHA256
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.254 1268
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
http://www.nessus.org/u?e17ffced
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1269
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128)
SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256)
SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128)
SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AE [...]
10.13.100.254 1270
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Here is the list of SSL PFS ciphers supported by the remote server :
10.13.100.254 1271
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128)
SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256)
SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128)
SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256)
SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256)
SHA384
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.254 1272
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/
cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable
use and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1273
156899 - SSL/TLS Recommended Cipher Suites
Synopsis
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to
only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and
compatible with nearly every client released in the last five (or more) years.
See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
Solution
Risk Factor
None
Plugin Information
10.13.100.254 1274
Plugin Output
tcp/8181/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined
below:
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10.13.100.254 1275
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
tcp/8181/www
10.13.100.254 1276
42822 - Strict Transport Security (STS) Detection
Synopsis
Description
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as
'secure' and to close the connection in the event of potentially insecure situations.
See Also
http://www.nessus.org/u?2fb3aca6
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Strict-Transport-Security: max-age=15552000
10.13.100.254 1277
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.13.100.254 1278
84821 - TLS ALPN Supported Protocol Enumeration
Synopsis
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension
supports.
See Also
https://tools.ietf.org/html/rfc7301
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
http/1.1
10.13.100.254 1279
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function
properly with major web browsers and major vendors.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1280
136318 - TLS Version 1.2 Protocol Detection
Synopsis
Description
See Also
https://tools.ietf.org/html/rfc5246
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
10.13.100.254 1281
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
Hop Count: 1
10.13.100.254 1282
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/541
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :
Port : 541
Type : spontaneous
Banner :
0x0000: 16 03 01 01 50 01 00 01 4C 03 03 9B F3 F1 FE 00 ....P...L.......
0x0010: 8A 16 7A 8B AD 8F B4 0D 9F 79 F7 FC E9 01 63 E5 ..z......y....c.
0x0020: FA 95 D5 86 81 AC D7 4A AD A0 51 20 3E 36 32 A8 .......J..Q >62.
0x0030: E1 5A 2D 53 70 39 8B A8 F9 3E 1C F3 78 C0 DD 7A .Z-Sp9...>..x..z
0x0040: 56 25 C3 C1 B3 8F 97 2B 7A A4 37 0C 00 32 13 02 V%.....+z.7..2..
0x0050: 13 03 13 01 00 39 00 35 00 6B 00 3D C0 30 C0 2C .....9.5.k.=.0.,
0x0060: C0 28 C0 24 C0 14 C0 0A 00 33 00 2F 00 67 00 3C .(.$.....3./.g.<
0x0070: C0 2F C0 2B 00 9E C0 27 C0 23 C0 13 C0 09 00 FF ./.+...'.#......
0x0080: 01 00 00 D1 00 00 00 19 00 17 00 00 14 73 75 70 .............sup
0x0090: 70 6F 72 74 2E 66 6F 72 74 69 6E 65 74 2E 63 6F port.fortinet.co
0x00A0: 6D 00 0B 00 04 03 00 01 02 00 0A 00 08 00 06 00 m...............
0x00B0: 17 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 ......#.........
0x00C0: 00 00 0D 00 30 00 2E 04 03 05 03 06 03 08 07 08 ....0...........
0x00D0: 08 08 09 08 0A 08 0B 08 04 08 05 08 06 04 01 05 ................
0x00E0: 01 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 ................
0x00F0: 02 05 02 06 02 00 2B 00 0B 0A 03 04 03 03 03 02 ......+.........
0x0100: 03 01 03 00 00 2D 00 02 01 01 00 33 00 47 00 45 .....-.....3.G.E
0x0110: 00 17 00 41 04 9D FF A2 CF E2 58 9E 0E C1 C1 B9 ...A......X.....
0x0120: 65 31 38 3F 36 CA D1 F2 12 A4 EF 79 8E 99 F2 39 e18?6......y...9
0x0130: 1B 17 B3 DA 15 DE D4 61 53 3B 88 01 C1 FB 61 DF .......aS;....a.
0x0140: ED 93 80 42 05 1B 83 89 90 3C 02 4F FA F [...]
10.13.100.254 1283
100669 - Web Application Cookies Are Expired
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated
session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is
set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
https://tools.ietf.org/html/rfc6265
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a
security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie
attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Plugin Output
tcp/8181/www
Name : APSCOOKIE_3427010539
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : FILE_DOWNLOADING_3427010539
Path : /
Value : "0%260"
10.13.100.254 1284
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_3427010539
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : VDOM_3427010539
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : EDIT_HISTORY_3427010539
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_3427010539
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Sun, 21-Oct-1973 10:19:41 GMT
Comment :
Secure : 1
Httponly : 0
Port :
10.13.100.254 1285