Scan Report

May 31, 2023

Summary
This document reports on the results of an automatic security scan. All dates are
displayed using the timezone Coordinated Universal Time, which is abbreviated UTC.
The task was 6477196341da8cf01c6392ca-6477196441da8cf01c639305-712c2952. The scan
started at Wed May 31 09:56:00 2023 UTC and ended at Wed May 31 11:33:28 2023 UTC.
The report first summarises the results found. Then, for each host, the report describes
every issue found. Please consider the advice given in each description, in order to rectify
the issue.

Contents

1 Result Overview
2 Results per Host
2.1 103.108.9.11
2.1.1 High general/tcp
2.1.2 High 22/tcp
2.1.3 Medium 22/tcp
2.1.4 Low 22/tcp
2.1.5 Log 2095/tcp
2.1.6 Log 53/tcp
2.1.7 Log 443/tcp
2.1.8 Log general/tcp
2.1.9 Log 80/tcp
2.1.10 Log general/CPE-T
2.1.11 Log 22/tcp

1 Result Overview

Host          High  Medium  Low  Log  False Positive
103.108.9.11  19    2       1    16   0
Total: 1      19    2       1    16   0

Vendor security updates are not trusted.


Overrides are off. Even when a result has an override, this report uses the actual threat of the
result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
Only results with a minimum QoD of 70 are shown.

This report contains all 38 results selected by the filtering described above. Before filtering
there were 62 results.

2 Results per Host


2.1 103.108.9.11

Host scan start Wed May 31 10:02:24 2023 UTC


Host scan end Wed May 31 11:33:24 2023 UTC

Service (Port) Threat Level


general/tcp High
22/tcp High
22/tcp Medium
22/tcp Low
2095/tcp Log
53/tcp Log
443/tcp Log
general/tcp Log
80/tcp Log
general/CPE-T Log
22/tcp Log

2.1.1 High general/tcp

High (CVSS: 10.0)


NVT: Operating System (OS) End of Life (EOL) Detection

Product detection result


cpe:/o:debian:debian_linux:7
Detected by OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)

Summary
The Operating System (OS) on the remote host has reached the End of Life (EOL) and should
not be used anymore.

Vulnerability Detection Result


The "Debian GNU/Linux" Operating System on the remote host has reached the end of life.
CPE: cpe:/o:debian:debian_linux:7
Installed version, build or SP: 7
EOL date: 2018-05-31
EOL info: https://en.wikipedia.org/wiki/List_of_Debian_releases#Release_table

Impact
An EOL version of an OS is not receiving any security updates from the vendor. Unfixed security
vulnerabilities might be leveraged by an attacker to compromise the security of this host.

Solution:
Solution type: Mitigation
Upgrade the OS on the remote host to a version which is still supported and receiving security
updates by the vendor.

Vulnerability Detection Method


Checks if an EOL version of an OS is present on the target host.
Details: Operating System (OS) End of Life (EOL) Detection
OID:1.3.6.1.4.1.25623.1.0.103674
Version used: 2022-04-05T13:00:52Z

Product Detection Result


Product: cpe:/o:debian:debian_linux:7
Method: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937)

2.1.2 High 22/tcp


High (CVSS: 7.5)


NVT: Apache Karaf Default Credentials (SSH)

Summary
The remote Apache Karaf is using known default credentials.

Vulnerability Detection Result


It was possible to login as user `karaf` with password `karaf` and to execute `cat /etc/passwd`. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Insight
It was possible to login with default credentials: 'karaf/karaf'.

Vulnerability Detection Method


Try to login with default credentials.
Details: Apache Karaf Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.105593
Version used: 2023-03-01T10:20:04Z

High (CVSS: 10.0)


NVT: Apple iOS (Jailbroken) Default Credentials (SSH)

Summary
The remote jailbroken Apple iOS device is using known default credentials for the SSH login.

Vulnerability Detection Result


It was possible to login with the following known default credentials:
Username: "root", Password: "alpine"
and to execute `cat /etc/passwd`. Result (truncated):
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
s
Username: "mobile", Password: "dottie"
and to execute `cat /etc/passwd`. Result (truncated):
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
s

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Mitigation
Change the password.

Affected Software/OS
All jailbroken Apple iOS devices with default credentials. Other devices or vendors might be
affected as well.

Vulnerability Detection Method


Tries to login via SSH using known default credentials.
Details: Apple iOS (Jailbroken) Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.117505
Version used: 2022-12-05T10:11:03Z

References
url: https://www.macworld.com/article/201053/iphone_password.html
url: https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/

High (CVSS: 7.8)


NVT: Array Networks vxAG/xAPV Multiple Vulnerabilities (Mar 2014)

Summary
Array Networks vxAG/xAPV is prone to multiple vulnerabilities.

Vulnerability Detection Result


It was possible to login as user "mfg" with password "mfg" and to execute the "id" command. Result:
uid=9237(mfg) gid=9237(mfg) groups=9237(mfg)

Impact
Successful exploitation will allow attacker to gain unauthorized root access to affected devices
and completely compromise the devices.

Solution:
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

Affected Software/OS
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances.

Vulnerability Insight
Multiple flaws are due to
- The program using insecure world writable permissions for the '/ca/bin/monitor.sh' file.
- The 'mfg' account has a password of 'mfg' and the 'sync' account has a password of 'click1',
which is publicly known and documented.
- If a remote attacker has explicit knowledge of the SSH keys they can potentially gain privileged
access to the device.

Vulnerability Detection Method


Tries to login via SSH using known default credentials.
Details: Array Networks vxAG/xAPV Multiple Vulnerabilities (Mar 2014)
OID:1.3.6.1.4.1.25623.1.0.804417
Version used: 2023-02-28T10:20:42Z

References
url: http://packetstormsecurity.com/files/125761
url: http://www.securityfocus.com/bid/66299

High (CVSS: 7.5)


NVT: C.H.I.P. Device Default Credentials (SSH)

Summary
The remote C.H.I.P. device is using known default credentials.

Vulnerability Detection Result
It was possible to login to the remote C.H.I.P. Device via SSH with the following credentials:
Username: "root", Password: "chip"
Username: "chip", Password: "chip"
It was also possible to execute "cat /etc/passwd" as "root". Result:
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
It was also possible to execute "cat /etc/passwd" as "chip". Result:
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Detection Method


Try to login with known credentials.
Details: C.H.I.P. Device Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.108164
Version used: 2023-03-01T10:20:05Z

High (CVSS: 10.0)


NVT: Default Password '3!acK5tratu5' for 'root' Account (SSH)

Summary
The remote device is using known default credentials.

Vulnerability Detection Result


It was possible to login as user `root` with password `3!acK5tratu5` and to execute the `id` command. Result:
uid=0(root) gid=0(root) groups=0(root)

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Detection Method


Try to login as root with password '3!acK5tratu5'.
Details: Default Password '3!acK5tratu5' for 'root' Account (SSH)
OID:1.3.6.1.4.1.25623.1.0.140088
Version used: 2023-03-01T10:20:04Z

High (CVSS: 10.0)


NVT: Default Password 'adminIWSS85' for 'root' Account (SSH)

Summary
The remote device is using known default credentials.

Vulnerability Detection Result


It was possible to login as user `root` with password `adminIWSS85` and to execute the `id` command. Result:
uid=0(root) gid=0(root) groups=0(root)

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Detection Method


Try to login as root with password 'adminIWSS85'.
Details: Default Password 'adminIWSS85' for 'root' Account (SSH)
OID:1.3.6.1.4.1.25623.1.0.140240
Version used: 2023-03-01T10:20:05Z

High (CVSS: 10.0)


NVT: Default Password 'avam@r' for 'root' Account (SSH)

Summary
The remote host has the password 'avam@r' for the root account.

Vulnerability Detection Result


It was possible to login as user `root` with password `avam@r` and to execute `cat /etc/passwd`. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Insight
It was possible to login with default credentials: 'root/avam@r'.

Vulnerability Detection Method


Try to login with default credentials.
Details: Default Password 'avam@r' for 'root' Account (SSH)
OID:1.3.6.1.4.1.25623.1.0.140133
Version used: 2023-03-01T10:20:05Z

High (CVSS: 10.0)


NVT: iProtect Server Default Credentials (SSH)

Summary
The remote iProtect server is using known default credentials.

Vulnerability Detection Result


It was possible to login to the remote iProtect server via SSH with the following credentials:
Username: "atlas", Password: "kp4700"
It was also possible to execute "cat /etc/passwd" as "atlas". Result:
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Detection Method


Try to login with known credentials.
Details: iProtect Server Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.108306
Version used: 2023-03-01T10:20:05Z

References
url: http://www.keyprocessor.com/kennisbank/Zipfile/KP_iProtect_8_0.03%20Stand-by%20server_M_160523_EN

High (CVSS: 9.3)


NVT: Multiple Barracuda Products Security Bypass and Backdoor Unauthorized Access Vulnerabilities (SSH)

Summary
Multiple Barracuda products are prone to a security-bypass vulnerability and multiple
unauthorized-access vulnerabilities.

Vulnerability Detection Result


It was possible to login into the remote barracuda device with
username "product" and password "pickle99".

Impact
Attackers can exploit these issues to bypass certain security restrictions and gain unauthorized
access to the affected appliances. This may aid in further attacks.

Solution:
Solution type: VendorFix
Update to Security Definition 2.0.5.

Affected Software/OS
The following appliances are affected:
Barracuda Spam and Virus Firewall
Barracuda Web Filter
Barracuda Message Archiver
Barracuda Web Application Firewall
Barracuda Link Balancer
Barracuda Load Balancer
Barracuda SSL VPN

Vulnerability Detection Method


Details: Multiple Barracuda Products Security Bypass and Backdoor Unauthorized Access Vu...
OID:1.3.6.1.4.1.25623.1.0.103646
Version used: 2023-03-01T10:20:04Z

References
url: http://www.securityfocus.com/bid/57537
url: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt

High (CVSS: 9.8)


NVT: OpenELEC Default Credentials (SSH)

Summary
OpenELEC is using known default credentials.

Vulnerability Detection Result


Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow remote attackers to gain unauthorized root access to affected
devices and completely compromise the devices.

Solution:
Solution type: Mitigation
Information is available about a configuration or deployment scenario that helps to reduce the
risk of the vulnerability.

Affected Software/OS
OpenELEC devices.

Vulnerability Insight
The flaw is due to the 'root' account having a password of 'openelec', which is publicly known and
documented.

Vulnerability Detection Method


Check if it is possible to login into the remote OpenELEC device.
Details: OpenELEC Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.807608
Version used: 2023-03-01T10:20:04Z

References
cve: CVE-2016-2230
url: http://www.kb.cert.org/vuls/id/544527
url: https://github.com/RasPlex/RasPlex/issues/453

High (CVSS: 10.0)


NVT: OpenVPN Access Server Default Credentials (SSH)

Summary
The remote OpenVPN Access Server is using known default credentials.

Vulnerability Detection Result


It was possible to login via ssh into the remote host with username "root" and password "openvpnas"

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Insight
It was possible to login with default credentials: 'root/openvpnas'.

Vulnerability Detection Method


Try to login with default credentials.
Details: OpenVPN Access Server Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.105345
Version used: 2023-03-01T10:20:04Z

High (CVSS: 10.0)


NVT: Panopta OnSight Default Credentials (SSH)

Summary
The remote Panopta OnSight is using known default credentials.

Vulnerability Detection Result


Vulnerability was detected according to the Vulnerability Detection Method.

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Insight
It was possible to login with default credentials: 'panopta.admin/rb2svin9bwx7'.

Vulnerability Detection Method


Try to login with default credentials.
Details: Panopta OnSight Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.105431
Version used: 2023-03-01T10:20:04Z

References
url: https://blogs.securiteam.com/index.php/archives/2475

High (CVSS: 9.8)


NVT: Raspberry Pi OS / Raspbian Default Credentials (SSH)

Summary
The remote Raspberry Pi OS / Raspbian system is using known default credentials for the SSH
login.

Vulnerability Detection Result


It was possible to login to the remote Raspberry Pi OS / Raspbian system via SSH with the following known credentials:
Username: "pi", Password: "raspberry"
and to execute `cat /etc/passwd`. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Mitigation
Change the default password.

Affected Software/OS
All Raspberry Pi OS / Raspbian systems using known default credentials. Other systems might
be affected as well.

Vulnerability Detection Method


Tries to login using the default credentials: 'pi:raspberry'.
Details: Raspberry Pi OS / Raspbian Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.117815
Version used: 2023-05-04T09:51:03Z

References
cve: CVE-2021-38759
url: https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
url: https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968

High (CVSS: 9.8)


NVT: Rasplex Default Credentials (SSH)

Summary
Rasplex is using known default credentials.

Vulnerability Detection Result


Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow remote attackers to gain unauthorized root access to affected
devices and completely compromise the devices.

Solution:
Solution type: Mitigation
Information is available about a configuration or deployment scenario that helps to reduce the
risk of the vulnerability.

Affected Software/OS
Rasplex devices.

Vulnerability Insight
The flaw is due to the 'root' account having a password of 'rasplex', which is publicly known and
documented.

Vulnerability Detection Method


Check if it is possible to login into the remote Rasplex device.
Details: Rasplex Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.807609
Version used: 2023-03-01T10:20:04Z

References
cve: CVE-2016-2230
url: http://www.kb.cert.org/vuls/id/544527
url: https://github.com/RasPlex/RasPlex/issues/453

High (CVSS: 7.5)


NVT: Riello NetMan 204 Default Credentials (SSH)

Summary
The remote Riello NetMan 204 network card is using known default credentials for the SSH login.

Vulnerability Detection Result


It was possible to login as user 'admin' with password 'admin' and to execute 'cat /etc/passwd'. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password of the affected account(s).

Vulnerability Detection Method


Tries to login using known default credentials.
Note: The default 'admin' and 'user' credentials might be also reported for non-Riello devices.
This result is currently expected.
Details: Riello NetMan 204 Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.140001
Version used: 2023-03-08T10:19:59Z

References
url: https://www.exploit-db.com/exploits/41208

High (CVSS: 7.5)


NVT: Riverbed SteelCentral Default Credentials (SSH)

Summary
The remote Riverbed SteelCentral system is using known default credentials for the SSH login.

Vulnerability Detection Result


It was possible to login and to execute the `id` command with the following users and the password `bb!nmp4y`
mazu
dhcp
root
id command result:
uid=5965(mazu) gid=5965(mazu) groups=5965(mazu)
uid=8250(dhcp) gid=8250(dhcp) groups=8250(dhcp)
uid=0(root) gid=0(root) groups=0(root)

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
Change the password.

Vulnerability Detection Method


Tries to login with the default credentials over SSH.
Details: Riverbed SteelCentral Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.105791
Version used: 2022-12-05T10:11:03Z

High (CVSS: 9.8)


NVT: Unpassworded (Blank Password) 'root' Account (SSH)

Summary
The remote host has set no password for the root account.

Vulnerability Detection Result


It was possible to login as user `root` without a password and to execute `cat /etc/passwd`. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Workaround
- Set a password for the 'root' account
- For the Alpine Linux Docker image update to one of the following image releases:
edge (20190228 snapshot), v3.9.2, v3.8.4, v3.7.3, v3.6.5
- For other products / devices / images either see the 'affected' tag for fixed releases or contact
the vendor for more information

Affected Software/OS
The following official docker images are known to be affected:
- Alpine Linux since version 3.3
- haproxy before version 1.8.18-alpine
- rabbitmq before version 3.7.13-beta.1-management-alpine
- memcached before version 1.5.11-alpine
- influxdb before version 1.7.3-meta-alpine
- vault before version 0.11.6
- drupal before version 8.5.10-fpm-alpine
- plone before version of 4.3.18-alpine
- kong before version 1.0.2-alpine
- chronograf before version 1.7.7-alpine
- telegraf before version 1.9.4-alpine
- ghost before version 2.16.1-alpine
- adminer before version 4.7.0-fastcgi
- composer before version 1.8.3
- sonarqube
- irssi before version 1.1-alpine
- notary before version signer-0.6.1-1
- spiped before version 1.5-alpine
- Express Gateway before version 1.14.0
- storm before version 1.2.1
- piwik
- znc before version 1.7.1-slim
- elixir before version 1.8.0-alpine
- eggdrop before version 1.8.4rc2
- Consul versions 0.7.1 through 1.4.2
- Crux Linux versions 3.0 through 3.4
- Software AG Terracotta Server OSS version 5.4.1
- Appbase streams version 2.1.2
- Docker Docs versions through 2020-12-14
- Blackfire versions through 2020-12-14
- FullArmor HAPI File Share Mount versions through 2020-12-14
- Weave Cloud Agent version 1.3.0
- Instana Dynamic APM version 1.0.0
- CoScale agent version 3.16.0
- registry versions through 2.7.0
- kapacitor versions through 1.5.0-alpine
Other products / devices / images might be affected as well.

Vulnerability Insight
It was possible to login with the 'root' username and without passing a password.

Vulnerability Detection Method


Try to login with a 'root' username and without a password.
Details: Unpassworded (Blank Password) 'root' Account (SSH)
OID:1.3.6.1.4.1.25623.1.0.108587
Version used: 2023-04-17T10:19:34Z

References
cve: CVE-1999-0501
cve: CVE-1999-0502
cve: CVE-2019-5021
cve: CVE-2020-35195
cve: CVE-2020-35196
cve: CVE-2020-35197
cve: CVE-2020-35194
cve: CVE-2020-35192
cve: CVE-2020-35191
cve: CVE-2020-35189
cve: CVE-2020-35190
cve: CVE-2020-35188
cve: CVE-2020-35187
cve: CVE-2020-35185
cve: CVE-2020-35186
cve: CVE-2020-35184
cve: CVE-2020-35193
cve: CVE-2020-29602
cve: CVE-2020-29601
cve: CVE-2020-29581
cve: CVE-2020-29579
cve: CVE-2020-29580
cve: CVE-2020-29578
cve: CVE-2020-29577
cve: CVE-2020-29575
cve: CVE-2020-29576
cve: CVE-2020-29564
cve: CVE-2020-29389
cve: CVE-2020-35469
cve: CVE-2020-35468
cve: CVE-2020-35467
cve: CVE-2020-35465
cve: CVE-2020-35466
cve: CVE-2020-35464
cve: CVE-2020-35463
cve: CVE-2020-35462
cve: CVE-2020-29591
cve: CVE-2020-29589
url: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
url: https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html
url: https://github.com/koharin/CVE
cert-bund: CB-K19/0393
dfn-cert: DFN-CERT-2019-1086

High (CVSS: 10.0)


NVT: VyOS Default Credentials (SSH)

Summary
The remote VyOS system is using known default credentials for the SSH login.

Vulnerability Detection Result


It was possible to login to the remote VyOS system via SSH with the following known credentials:
Username: "vyos", Password: "vyos"
and to execute `cat /etc/passwd`. Result:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
phil:x:1000:1000:Phil California,,,:/home/phil:/bin/bash

Impact
This issue may be exploited by a remote attacker to gain access to sensitive information or modify
system configuration.

Solution:
Solution type: Mitigation
Change the default password.

Affected Software/OS
All VyOS systems using known default credentials.

Vulnerability Detection Method


Tries to login using the default credentials: 'vyos:vyos'.
Details: VyOS Default Credentials (SSH)
OID:1.3.6.1.4.1.25623.1.0.117305
Version used: 2022-12-05T10:11:03Z

References
url: https://support.vyos.io/en/kb/articles/default-user-password-for-vyos-2

2.1.3 Medium 22/tcp

Medium (CVSS: 6.5)


NVT: Cisco Mobility Services Engine (MSE) Default Password `XmlDba123` for `oracle` account
(cisco-sa-20151104-mse-cred) - Active Check

Summary
The remote Cisco Mobility Services Engine is prone to an insecure default-password vulnerability.

Vulnerability Detection Result


It was possible to login as user "oracle" with password "XmlDba123" and to execute the "id" command. Result:
uid=6373(oracle) gid=6373(oracle) groups=6373(oracle)

Impact
Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain
unauthorized access and perform unauthorized actions. This may aid in further attacks.

Solution:
Solution type: VendorFix
Updates are available. Please see the references for more information.

Affected Software/OS
Cisco Mobility Services Engine (MSE) versions 8.0.120.7 and earlier are vulnerable.

Vulnerability Insight
This issue is being tracked by Cisco Bug ID CSCuv40501 and CSCuv40504.

Vulnerability Detection Method


Tries to login via SSH as user 'oracle'.
Details: Cisco Mobility Services Engine (MSE) Default Password `XmlDba123` for `oracle` ...
OID:1.3.6.1.4.1.25623.1.0.140114
Version used: 2022-12-05T10:11:03Z

References
cve: CVE-2015-6316
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
url: http://www.securityfocus.com/bid/77432
cert-bund: CB-K15/1620
dfn-cert: DFN-CERT-2015-1717

Medium (CVSS: 4.3)


NVT: Weak Encryption Algorithm(s) Supported (SSH)

Summary
The remote SSH server is configured to allow / support weak encryption algorithm(s).

Vulnerability Detection Result


The remote SSH server supports the following weak client-to-server encryption algorithm(s):
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
The remote SSH server supports the following weak server-to-client encryption algorithm(s):
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

Solution:
Solution type: Mitigation
Disable the reported weak encryption algorithm(s).

Vulnerability Insight
- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is
believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
with weak keys, and should not be used anymore.
- The 'none' algorithm specifies that no encryption is to be done. Note that this method provides
no confidentiality protection, and it is NOT RECOMMENDED to use it.
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
recover plaintext from a block of ciphertext.

Vulnerability Detection Method


Checks the supported encryption algorithms (client-to-server and server-to-client) of the remote
SSH server.
Currently weak encryption algorithms are defined as the following:
- Arcfour (RC4) cipher based algorithms
- none algorithm
- CBC mode cipher based algorithms
Details: Weak Encryption Algorithm(s) Supported (SSH)
OID:1.3.6.1.4.1.25623.1.0.105611
Version used: 2022-12-09T10:11:04Z

References
url: https://www.rfc-editor.org/rfc/rfc4253#section-6.3
url: https://www.kb.cert.org/vuls/id/958563

[ return to 103.108.9.11 ]

2.1.4 Low 22/tcp

Low (CVSS: 2.6)


NVT: Weak MAC Algorithm(s) Supported (SSH)

Summary
The remote SSH server is configured to allow / support weak MAC algorithm(s).

Vulnerability Detection Result


The remote SSH server supports the following weak client-to-server MAC algorithm(s):
hmac-md5
The remote SSH server supports the following weak server-to-client MAC algorithm(s):
hmac-md5

Solution:
Solution type: Mitigation
Disable the reported weak MAC algorithm(s).

Vulnerability Detection Method


Checks the supported MAC algorithms (client-to-server and server-to-client) of the remote SSH
server.
Currently weak MAC algorithms are defined as the following:
- MD5 based algorithms
- 96-bit based algorithms
- none algorithm
Details: Weak MAC Algorithm(s) Supported (SSH)
OID:1.3.6.1.4.1.25623.1.0.105610
Version used: 2021-09-20T11:05:40Z

[ return to 103.108.9.11 ]

2.1.5 Log 2095/tcp

Log (CVSS: 0.0)


NVT: Check open ports

Summary
This plugin checks if the port scanners did not kill a service.

Vulnerability Detection Result


This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin

Solution:

Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z

[ return to 103.108.9.11 ]

2.1.6 Log 53/tcp


Log (CVSS: 0.0)


NVT: Check open ports

Summary
This plugin checks if the port scanners did not kill a service.

Vulnerability Detection Result


This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin

Solution:

Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z

[ return to 103.108.9.11 ]

2.1.7 Log 443/tcp

Log (CVSS: 0.0)


NVT: Check open ports

Summary
This plugin checks if the port scanners did not kill a service.

Vulnerability Detection Result


This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin

Solution:

Log Method
Details: Check open ports
OID:1.3.6.1.4.1.25623.1.0.10919
Version used: 2022-07-27T10:11:28Z

[ return to 103.108.9.11 ]

2.1.8 Log general/tcp


Log (CVSS: 0.0)


NVT: Hostname Determination Reporting

Summary
The script reports information on how the hostname of the target was determined.

Vulnerability Detection Result


Hostname determination for IP 103.108.9.11:
Hostname|Source
103.108.9.11|IP-address

Solution:

Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z

Log (CVSS: 0.0)


NVT: OpenSSH Detection Consolidation

Summary
Consolidation of OpenSSH detections.

Vulnerability Detection Result


Detected OpenSSH Server
Version: 6.0p1
Location: 22/tcp
CPE: cpe:/a:openbsd:openssh:6.0p1
Concluded from version/product identification result:
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2

Solution:

Log Method
Details: OpenSSH Detection Consolidation
OID:1.3.6.1.4.1.25623.1.0.108577
Version used: 2022-03-28T10:48:38Z

References
url: https://www.openssh.com/


Log (CVSS: 0.0)


NVT: OS Detection Consolidation and Reporting

Summary
This script consolidates the OS information detected by several VTs and tries to find the best
matching OS.
Furthermore it reports all previously collected information leading to this best matching OS. It
also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider to report these to the
referenced community forum.

Vulnerability Detection Result


Best matching OS:
OS: Debian GNU/Linux 7
Version: 7
CPE: cpe:/o:debian:debian_linux:7
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (Operating System (OS) Detection (SSH Banner))
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
Setting key "Host/runs_unixoide" based on this information

Solution:

Log Method
Details: OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Version used: 2023-05-25T09:08:46Z

References
url: https://forum.greenbone.net/c/vulnerability-tests/7

Log (CVSS: 0.0)


NVT: Traceroute

Summary
Collect information about the network route and network distance between the scanner host and
the target host.

Vulnerability Detection Result


Network route from scanner (10.88.0.7) to target (103.108.9.11):
10.88.0.7
10.206.6.132
10.206.35.30
10.206.32.1
173.255.239.102
23.203.156.16
62.115.50.170
62.115.135.132
62.115.119.229
62.115.136.167
62.115.166.145
180.240.204.147
36.67.254.197
36.67.254.198
103.108.9.11
Network distance between scanner and target: 15

Solution:

Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.

Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: 2022-10-17T11:13:19Z

[ return to 103.108.9.11 ]

2.1.9 Log 80/tcp

Log (CVSS: 0.0)


NVT: CGI Scanning Consolidation

Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan config in use
If you think any of this information is wrong please report it to the referenced community forum.

Vulnerability Detection Result


The Hostname/IP "103.108.9.11" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable generic web application scanning" option within the "Global variable settings" of the scan config in use.
The service is responding with a 200 HTTP status code to non-existent files/urls. The following pattern is used to work around possible false detections:
-----
TYPE=password
-----
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI scanning. You can enable this again with the "Add historic /scripts and /cgi-bin to directories for CGI scanning" option within the "Global variable settings" of the scan config in use.
The following directories were used for CGI scanning:
http://103.108.9.11/
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Solution:

Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2023-03-06T10:19:58Z

References
url: https://forum.greenbone.net/c/vulnerability-tests/7

Log (CVSS: 0.0)


NVT: HTTP Security Headers Detection

Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specific security header has been implemented
(including its value and if it is deprecated) or is missing on the target.

Vulnerability Detection Result


Header Name | Header Value
------------------------------
X-Frame-Options | SAMEORIGIN

Missing Headers | More Information
------------------------------
Content-Security-Policy | https://owasp.org/www-project-secure-headers/#content-security-policy
Cross-Origin-Embedder-Policy | https://scotthelme.co.uk/coop-and-coep/, Note: This is an upcoming header
Cross-Origin-Opener-Policy | https://scotthelme.co.uk/coop-and-coep/, Note: This is an upcoming header
Cross-Origin-Resource-Policy | https://scotthelme.co.uk/coop-and-coep/, Note: This is an upcoming header
Document-Policy | https://w3c.github.io/webappsec-feature-policy/document-policy#document-policy-http-header
Feature-Policy | https://owasp.org/www-project-secure-headers/#feature-policy, Note: The Feature Policy header has been renamed to Permissions Policy
Permissions-Policy | https://w3c.github.io/webappsec-feature-policy/#permissions-policy-http-header-field
Referrer-Policy | https://owasp.org/www-project-secure-headers/#referrer-policy
Sec-Fetch-Dest | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
X-Content-Type-Options | https://owasp.org/www-project-secure-headers/#x-content-type-options
X-Permitted-Cross-Domain-Policies | https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies
X-XSS-Protection | https://owasp.org/www-project-secure-headers/#x-xss-protection, Note: Most major browsers have dropped / deprecated support for this header in 2020.

Solution:

Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
Version used: 2021-07-14T06:19:43Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/

Log (CVSS: 0.0)


NVT: Response Time / No 404 Error Code Check

Summary
This VT tests if the remote web server does not reply with a 404 error code and checks if it is
replying to the scanner's requests in a reasonable amount of time.

Vulnerability Detection Result


The service is responding with a 200 HTTP status code to non-existent files/urls. The following pattern is used to work around possible false detections:
-----
TYPE=password
-----

Solution:

Vulnerability Insight
This web server might show the following issues:
- it is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent
file is requested, perhaps returning a site map, search page, authentication page or redirect
instead.
The scanner might have enabled some countermeasures for that, however they might be insufficient.
If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't respond in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the scan total time to a reasonable amount, the remote web server might not be
tested. If the remote server should be tested it has to be fixed to have it reply to the scanner's
requests in a reasonable amount of time.
Alternatively the 'Maximum response time (in seconds)' preference could be raised to a higher
value if longer scan times are accepted.

Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2023-05-12T09:09:03Z

Log (CVSS: 0.0)


NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result


A web server is running on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

[ return to 103.108.9.11 ]

2.1.10 Log general/CPE-T

Log (CVSS: 0.0)


NVT: CPE Inventory

Summary
This routine uses information collected by other routines about CPE identities of operating
systems, services and applications detected during the scan.
Note: Some CPEs for specific products might show up twice or more in the output. Background:
After a product got renamed or a specific vendor was acquired by another one it might happen
that a product gets a new CPE within the NVD CPE Dictionary but older entries are kept with
the older CPE.

Vulnerability Detection Result


103.108.9.11|cpe:/a:openbsd:openssh:6.0p1
103.108.9.11|cpe:/o:debian:debian_linux:7

Solution:

Log Method
Details: CPE Inventory
OID:1.3.6.1.4.1.25623.1.0.810002
Version used: 2022-07-27T10:11:28Z

References
url: https://nvd.nist.gov/products/cpe

[ return to 103.108.9.11 ]

2.1.11 Log 22/tcp

Log (CVSS: 0.0)


NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result


An ssh server is running on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

Log (CVSS: 0.0)


NVT: SSH Protocol Algorithms Supported

Summary
This script detects which algorithms are supported by the remote SSH Service.

Vulnerability Detection Result


The following options are supported by the remote ssh service:
kex_algorithms:
curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,ext-info-s
server_host_key_algorithms:
ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
encryption_algorithms_client_to_server:
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
encryption_algorithms_server_to_client:
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
mac_algorithms_client_to_server:
hmac-sha2-512,hmac-sha2-384,hmac-sha2-56,hmac-sha1,hmac-md5
mac_algorithms_server_to_client:
hmac-sha2-512,hmac-sha2-384,hmac-sha2-56,hmac-sha1,hmac-md5
compression_algorithms_client_to_server:
zlib@openssh.com,zlib,none
compression_algorithms_server_to_client:
zlib@openssh.com,zlib,none

Solution:

Log Method
Details: SSH Protocol Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105565
Version used: 2020-08-24T08:40:10Z

Log (CVSS: 0.0)


NVT: SSH Protocol Versions Supported

Summary
Identification of SSH protocol versions supported by the remote SSH Server. Also reads the
corresponding fingerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0

Vulnerability Detection Result


The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
SSHv2 Fingerprint(s):
ecdsa-sha2-nistp256: 4c:9f:17:6b:14:44:46:38:4d:8b:06:76:8a:dc:dc:d3
ssh-ed25519: 0b:b8:0e:fe:51:40:2d:3c:6f:30:2e:65:d8:9a:88:5c
ssh-rsa: ca:e8:02:e6:2b:ae:9b:63:6d:a2:55:84:45:98:57:32

Solution:

Log Method
Details: SSH Protocol Versions Supported
OID:1.3.6.1.4.1.25623.1.0.100259
Version used: 2020-08-24T08:40:10Z

Log (CVSS: 0.0)


NVT: SSH Server type and version

Summary
This detects the SSH Server's type and version by connecting to the server and processing the
buffer received.
This information gives potential attackers additional information about the system they are
attacking. Versions and Types should be omitted where possible.

Vulnerability Detection Result


Remote SSH server banner: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
Remote SSH supported authentication: password,publickey
Remote SSH text/login banner: (not available)
This is probably:
- OpenSSH
Concluded from remote connection attempt with credentials:
Login: OpenVASVT
Password: OpenVASVT

Solution:

Log Method
Details: SSH Server type and version
OID:1.3.6.1.4.1.25623.1.0.10267
Version used: 2023-03-31T10:19:34Z

[ return to 103.108.9.11 ]

This file was automatically generated.
