Start a new topic

Nessus vulnerabilities

Your product is vulnerable to the following nessus vulnerability ID's


ID: 51192 

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=UK/L=London/O=Smart Atoms Inc./CN=SmartAtoms/E=info@smartatoms.com
|-Issuer  : C=UK/L=London/O=Smart Atoms Inc./CN=SmartAtoms/E=info@smartatoms.com

ID: 42873

Here is the list of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

    EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
    ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
    DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

ID: 20007

- SSLv3 is enabled and the server supports at least one cipher.

ID: 26928

Here is the list of weak SSL ciphers supported by the remote server :

  Low Strength Ciphers (<= 64-bit key)

    EDH-RSA-DES-CBC-SHA          Kx=DH          Au=RSA      Enc=DES-CBC(56)          Mac=SHA1   
    DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-CBC(56)          Mac=SHA1   

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

ID: 65821

List of RC4 cipher suites supported by the remote server :

  High Strength Ciphers (>= 112-bit key)

    ECDHE-RSA-RC4-SHA            Kx=ECDH        Au=RSA      Enc=RC4(128)             Mac=SHA1   
    RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(128)             Mac=MD5    
    RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(128)             Mac=SHA1   

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

Will a patch be deployed to re-mediate these vulnerabilities?

Login or Signup to post a comment