Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- I Summary
- =========
- This document reports on the results of an automatic security scan.
- The report first summarises the results found.
- Then, for each host, the report describes every issue found.
- Please consider the advice given in each description, in order to rectify
- the issue.
- All dates are displayed using the timezone "Coordinated Universal Time",
- which is abbreviated "UTC".
- Vendor security updates are not trusted.
- Overrides are on. When a result has an override, this report uses the
- threat of the override.
- Notes are included in the report.Information on overrides is included in the report.
- This report might not show details of all issues that were found.
- It only lists hosts that produced issues.
- Issues with the threat level "Log" are not shown.
- Issues with the threat level "Debug" are not shown.
- Issues with the threat level "False Positive" are not shown.
- Only results with a minimum QoD of 70 are shown.
- This report contains all 4 results selected by the
- filtering described above. Before filtering there were 121 results.
- Scan started: Fri Oct 20 21:27:56 2017 UTC
- Scan ended: Fri Oct 20 21:56:16 2017 UTC
- Task: HTB-Europa
- Host Summary
- ************
- Host High Medium Low Log False Positive
- 10.10.10.18 0 1 2 0 0
- 10.10.10.56 0 0 1 0 0
- Total: 2 0 1 3 0 0
- II Results per Host
- ===================
- Host 10.10.10.18
- ****************
- Scanning of this host started at: Fri Oct 20 21:28:03 2017 UTC
- Number of results: 3
- Port Summary for Host 10.10.10.18
- ---------------------------------
- Service (Port) Threat Level
- 22/tcp Medium
- general/tcp Low
- general/tcp Low
- Security Issues for Host 10.10.10.18
- ------------------------------------
- Issue
- -----
- NVT: SSH Weak Encryption Algorithms Supported
- OID: 1.3.6.1.4.1.25623.1.0.105611
- Threat: Medium (CVSS: 4.3)
- Port: 22/tcp
- Summary:
- The remote SSH server is configured to allow weak encryption algorithms.
- Vulnerability Detection Result:
- The following weak client-to-server encryption algorithms are supported by the r!
- emote service:
- 3des-cbc
- aes128-cbc
- aes192-cbc
- aes256-cbc
- arcfour
- arcfour128
- arcfour256
- blowfish-cbc
- cast128-cbc
- rijndael-cbc@lysator.liu.se
- The following weak server-to-client encryption algorithms are supported by the r!
- emote service:
- 3des-cbc
- aes128-cbc
- aes192-cbc
- aes256-cbc
- arcfour
- arcfour128
- arcfour256
- blowfish-cbc
- cast128-cbc
- rijndael-cbc@lysator.liu.se
- Solution:
- Solution type: Mitigation
- Disable the weak encryption algorithms.
- Vulnerability Insight:
- The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
- The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]!
- . Arcfour (and RC4) has problems
- with weak keys, and should not be used anymore.
- The `none` algorithm specifies that no encryption is to be done.
- Note that this method provides no confidentiality protection, and it
- is NOT RECOMMENDED to use it.
- A vulnerability exists in SSH messages that employ CBC mode that may allow an !
- attacker to recover plaintext from a block of ciphertext.
- Vulnerability Detection Method:
- Check if remote ssh service supports Arcfour, none or CBC ciphers.
- Details:
- SSH Weak Encryption Algorithms Supported
- (OID: 1.3.6.1.4.1.25623.1.0.105611)
- Version used: $Revision: 4490 $
- References:
- Other:
- https://tools.ietf.org/html/rfc4253#section-6.3
- https://www.kb.cert.org/vuls/id/958563
- Issue
- -----
- NVT: SSH Weak MAC Algorithms Supported
- OID: 1.3.6.1.4.1.25623.1.0.105610
- Threat: Low (CVSS: 2.6)
- Port: 22/tcp
- Summary:
- The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith!
- ms.
- Vulnerability Detection Result:
- The following weak client-to-server MAC algorithms are supported by the remote s!
- ervice:
- hmac-md5
- hmac-md5-96
- hmac-md5-96-etm@openssh.com
- hmac-md5-etm@openssh.com
- hmac-sha1-96
- hmac-sha1-96-etm@openssh.com
- The following weak server-to-client MAC algorithms are supported by the remote s!
- ervice:
- hmac-md5
- hmac-md5-96
- hmac-md5-96-etm@openssh.com
- hmac-md5-etm@openssh.com
- hmac-sha1-96
- hmac-sha1-96-etm@openssh.com
- Solution:
- Solution type: Mitigation
- Disable the weak MAC algorithms.
- Vulnerability Detection Method:
- Details:
- SSH Weak MAC Algorithms Supported
- (OID: 1.3.6.1.4.1.25623.1.0.105610)
- Version used: $Revision: 4490 $
- Issue
- -----
- NVT: TCP timestamps
- OID: 1.3.6.1.4.1.25623.1.0.80091
- Threat: Low (CVSS: 2.6)
- Port: general/tcp
- Summary:
- The remote host implements TCP timestamps and therefore allows to compute
- the uptime.
- Vulnerability Detection Result:
- It was detected that the host implements RFC1323.
- The following timestamps were retrieved with a delay of 1 seconds in-between:
- Packet 1: 233450904
- Packet 2: 233451186
- Impact:
- A side effect of this feature is that the uptime of the remote
- host can sometimes be computed.
- Solution:
- Solution type: Mitigation
- To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
- /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
- To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta!
- mps=disabled'
- Starting with Windows Server 2008 and Vista, the timestamp can not be complete!
- ly disabled.
- The default behavior of the TCP/IP stack on this Systems is to not use the
- Timestamp options when initiating TCP connections, but use them if the TCP pee!
- r
- that is initiating communication includes them in their synchronize (SYN) segm!
- ent.
- See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
- Affected Software/OS:
- TCP/IPv4 implementations that implement RFC1323.
- Vulnerability Insight:
- The remote host implements TCP timestamps, as defined by RFC1323.
- Vulnerability Detection Method:
- Special IP packets are forged and sent with a little delay in between to the
- target IP. The responses are searched for a timestamps. If found, the timestam!
- ps are reported.
- Details:
- TCP timestamps
- (OID: 1.3.6.1.4.1.25623.1.0.80091)
- Version used: $Revision: 7277 $
- References:
- Other:
- http://www.ietf.org/rfc/rfc1323.txt
- Host 10.10.10.56
- ****************
- Scanning of this host started at: Fri Oct 20 21:28:03 2017 UTC
- Number of results: 1
- Port Summary for Host 10.10.10.56
- ---------------------------------
- Service (Port) Threat Level
- 22/tcp Medium
- general/tcp Low
- general/tcp Low
- Security Issues for Host 10.10.10.56
- ------------------------------------
- Issue
- -----
- NVT: TCP timestamps
- OID: 1.3.6.1.4.1.25623.1.0.80091
- Threat: Low (CVSS: 2.6)
- Port: general/tcp
- Summary:
- The remote host implements TCP timestamps and therefore allows to compute
- the uptime.
- Vulnerability Detection Result:
- It was detected that the host implements RFC1323.
- The following timestamps were retrieved with a delay of 1 seconds in-between:
- Packet 1: 64746346
- Packet 2: 64746645
- Impact:
- A side effect of this feature is that the uptime of the remote
- host can sometimes be computed.
- Solution:
- Solution type: Mitigation
- To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
- /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
- To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta!
- mps=disabled'
- Starting with Windows Server 2008 and Vista, the timestamp can not be complete!
- ly disabled.
- The default behavior of the TCP/IP stack on this Systems is to not use the
- Timestamp options when initiating TCP connections, but use them if the TCP pee!
- r
- that is initiating communication includes them in their synchronize (SYN) segm!
- ent.
- See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
- Affected Software/OS:
- TCP/IPv4 implementations that implement RFC1323.
- Vulnerability Insight:
- The remote host implements TCP timestamps, as defined by RFC1323.
- Vulnerability Detection Method:
- Special IP packets are forged and sent with a little delay in between to the
- target IP. The responses are searched for a timestamps. If found, the timestam!
- ps are reported.
- Details:
- TCP timestamps
- (OID: 1.3.6.1.4.1.25623.1.0.80091)
- Version used: $Revision: 7277 $
- References:
- Other:
- http://www.ietf.org/rfc/rfc1323.txt
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement