Scribd Logo
Upload

Welcome to Scribd!

  • Tenable Vulberability - Jan 2022

    Uploaded by

    sanghp
    1 views3 pages
    The document contains security issues found across multiple systems including: 1. An LDAP server that allows null binds, disclosing authentication information. 2. An OpenSSL server vulnerable to a padding oracle attack disclosing information. 3. SSH servers supporting weak algorithms like MD5 and SHA1. 4. SSL certificates signed with weak hashing algorithms. 5. SSL servers supporting medium strength cipher suites vulnerable to the SWEET32 attack. 6. SSL servers supporting weak cipher suites. 7. Systems allowing the insecure TLS 1.0 protocol. Remediation steps are provided such as disabling services, removing weak algorithms, and upgrading servers.

    Original Description:

    Original Title

    Tenable-Vulberability_Jan-2022

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains security issues found across multiple systems including: 1. An LDAP server that allows null binds, disclosing authentication information. 2. An OpenSSL server vulnerable to a padding oracle attack disclosing information. 3. SSH servers supporting weak algorithms like MD5 and SHA1. 4. SSL certificates signed with weak hashing algorithms. 5. SSL servers supporting medium strength cipher suites vulnerable to the SWEET32 attack. 6. SSL servers supporting weak cipher suites. 7. Systems allowing the insecure TLS 1.0 protocol. Remediation steps are provided such as disabling services, removing weak algorithms, and upgrading servers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views3 pages

    Tenable Vulberability - Jan 2022

    Uploaded by

    sanghp
    The document contains security issues found across multiple systems including: 1. An LDAP server that allows null binds, disclosing authentication information. 2. An OpenSSL server vulnerable to a padding oracle attack disclosing information. 3. SSH servers supporting weak algorithms like MD5 and SHA1. 4. SSL certificates signed with weak hashing algorithms. 5. SSL servers supporting medium strength cipher suites vulnerable to the SWEET32 attack. 6. SSL servers supporting weak cipher suites. 7. Systems allowing the insecure TLS 1.0 protocol. Remediation steps are provided such as disabling services, removing weak algorithms, and upgrading servers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    LDAP Server NULL Bind Connection Information Disclosure

    (blank)
    10.19.97.15 CMM Anonymous LDAP Authentication -> Authenticated Only, disable LDAP (none secure +
    secure)
    OpenSSL AES-NI Padding Oracle MitM Information Disclosure
    (blank)
    10.19.97.15 CMM Plat 050
    SSH Weak Algorithms Supported (ko su dung hmac-md5, hmac-sha1, hmac-sha2)
    (blank)
    10.19.69.114
    10.19.97.14 ACR remove mac hmac-sha1 in /etc/ssh/sshd_config
    MACs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-
    ripemd160@openssh.com
    10.19.97.15 CMM disable ssh 22, 5022, 2222
    10.19.97.17 CMS
    SSL Certificate Signed Using Weak Hashing Algorithm
    (blank)
    10.19.24.17
    10.19.68.23
    10.19.68.24
    10.19.68.25
    10.19.71.81
    10.19.97.12 CM (load cert smgr)
    SSL Medium Strength Cipher Suites Supported (SWEET32)
    (blank)
    10.19.68.26
    10.19.68.27
    10.19.83.10 IPO Golden
    10.19.87.10 IPO Da Nang
    10.19.97.13 AES
    10.19.97.15 CMM
    SSL Weak Cipher Suites Supported
    (blank)
    10.19.97.15 CMM (upload cert smgr)
    TLS Version 1.0 Protocol Detection
    (blank)
    10.19.83.10 IPO Golden (R.10)
    10.19.87.10 IPO Da Nang (R.10)
    -> IPO R10 ko ho tro set minimum TLS
    10.19.97.13 AES disable TLS 1.0 on AES Server
    10.19.97.15 CMM

    You might also like