"Plugin","Plugin Name","Family","Severity","IP Address","Protocol","Port","Exploit?","Repository","MAC Address","DNS Name","NetBIOS Name","Plugin Text","Synopsis","Description","Solution","See Also","Risk Factor","STIG Severity","Vulnerability Priority Rating","CVSS V2 Base Score","CVSS V3 Base Score","CVSS V2 Temporal Score","CVSS V3 Temporal Score","CVSS V2 Vector","CVSS V3 Vector","CPE","CVE","BID","Cross References","First Discovered","Last Observed","Vuln Publication Date","Patch Publication Date","Plugin Publication Date","Plugin Modification Date","Exploit Ease","Exploit Frameworks","Check Type","Version"
"35291","SSL Certificate Signed Using Weak Hashing Algorithm","General","Medium","169.230.27.25","TCP","443","Yes","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : May 30 10:48:38 2000 GMT
|-Valid To : May 30 10:48:38 2020 GMT","An SSL certificate in the certificate chain has been signed using a weak hash algorithm.","The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.","Contact the Certificate Authority to have the SSL certificate reissued.","https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba","Medium","","4.4","5.0","7.5","3.9","6.7","AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C","cpe:/a:ietf:md5
cpe:/a:ietf:x.509_certificate","CVE-2004-2761","11849,33065","CERT #836068,CWE #310","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","Aug 18, 2004 12:00:00 PDT","N/A","Jan 5, 2009 12:00:00 PST","Apr 27, 2020 12:00:00 PDT","Exploits are available","","remote","1.31"
"42873","SSL Medium Strength Cipher Suites Supported (SWEET32)","General","Medium","169.230.27.25","TCP","443","No","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX   Auth  Encryption             MAC
----------------------  ----------  ---   ----  ---------------------  ---
ECDHE-RSA-DES-CBC3-SHA  0xC0, 0x12  ECDH  RSA   3DES-CBC(168)          SHA1
KRB5-DES-CBC3-MD5       0x00, 0x23  KRB5  KRB5  3DES-CBC(168)          MD5
KRB5-DES-CBC3-SHA       0x00, 0x1F  KRB5  KRB5  3DES-CBC(168)          SHA1
DES-CBC3-SHA            0x00, 0x0A  RSA   RSA   3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}","The remote service supports the use of medium strength SSL ciphers.","The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.","Reconfigure the affected application if possible to avoid use of medium strength ciphers.","https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info","Medium","","5.1","5.0","7.5","","","AV:N/AC:L/Au:N/C:P/I:N/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","","CVE-2016-2183","","","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","Aug 24, 2016 12:00:00 PDT","N/A","Nov 23, 2009 12:00:00 PST","Feb 28, 2019 12:00:00 PST","","","remote","1.20"
"45411","SSL Certificate with Wrong Hostname","General","Medium","169.230.27.25","TCP","636","No","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
The identities known by Nessus are :

cxconference.rbvi.ucsf.edu
cxconference.cgl.ucsf.edu

The Common Name in the certificate is :

ldap.cgl.ucsf.edu

The Subject Alternate Names in the certificate are :

ldap-1.cgl.ucsf.edu
ldap-2.cgl.ucsf.edu
ldap-3.cgl.ucsf.edu
ldap-master.cgl.ucsf.edu
ldap.cgl.ucsf.edu","The SSL certificate for this service is for a different host.","The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.","Purchase or generate a proper SSL certificate for this service.","","Medium","","","5.0","5.3","","","AV:N/AC:L/Au:N/C:N/I:P/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","","","","","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","N/A","N/A","Apr 3, 2010 12:00:00 PDT","Apr 27, 2020 12:00:00 PDT","","","remote","1.20"
"51192","SSL Certificate Cannot Be Trusted","General","Medium","169.230.27.25","TCP","443","No","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
The following certificates were part of the certificate chain
sent by the remote host, but they have expired :

|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|-Not After : May 30 10:48:38 2020 GMT

|-Subject : C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
|-Not After : May 30 10:48:38 2020 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|-Issuer : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root","The SSL certificate for this service cannot be trusted.","The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.","Purchase or generate a proper SSL certificate for this service.","https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509","Medium","","","6.4","6.5","","","AV:N/AC:L/Au:N/C:P/I:P/A:N","AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","","","","","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","N/A","N/A","Dec 15, 2010 12:00:00 PST","Apr 27, 2020 12:00:00 PDT","","","remote","1.19"
"57582","SSL Self-Signed Certificate","General","Medium","169.230.27.25","TCP","443","No","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root","The SSL certificate chain for this service ends in an unrecognized self-signed certificate.","The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.","Purchase or generate a proper SSL certificate for this service.","","Medium","","","6.4","","","","AV:N/AC:L/Au:N/C:P/I:P/A:N","","","","","","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","N/A","N/A","Jan 17, 2012 12:00:00 PST","Apr 27, 2020 12:00:00 PDT","","","remote","1.5"
"65821","SSL RC4 Cipher Suites Supported (Bar Mitzvah)","General","Medium","169.230.27.25","TCP","443","No","Incident Response Ad-Hoc","","cxconference.cgl.ucsf.edu","","Plugin Output:
List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name                    Code        KEX   Auth  Encryption             MAC
----------------------  ----------  ---   ----  ---------------------  ---
ECDHE-RSA-RC4-SHA       0xC0, 0x11  ECDH  RSA   RC4(128)               SHA1
KRB5-RC4-MD5            0x00, 0x24  KRB5  KRB5  RC4(128)               MD5
KRB5-RC4-SHA            0x00, 0x20  KRB5  KRB5  RC4(128)               SHA1
RC4-MD5                 0x00, 0x04  RSA   RSA   RC4(128)               MD5
RC4-SHA                 0x00, 0x05  RSA   RSA   RC4(128)               SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}","The remote service supports the use of the RC4 cipher.","The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.","Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.","https://www.rc4nomore.com/
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf","Medium","","5.1","4.3","5.9","3.7","5.4","AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:ND/RC:C","AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:C","","CVE-2013-2566,CVE-2015-2808","58796,73684","","Aug 5, 2020 11:51:37 PDT","Aug 5, 2020 11:51:37 PDT","Mar 12, 2013 12:00:00 PDT","N/A","Apr 5, 2013 12:00:00 PDT","Feb 27, 2020 12:00:00 PST","No known exploits are available","","remote","1.20"