SSL Server Allows Anonymous Authentication Vuln #cipher, #ssl



SSL Server Allows Anonymous Authentication Vulnerability – QID: 38142


I am having a little issue with a vulnerability found during a Qualys scan. It is for SSL Server Allows Anonymous Authentication Vulnerability – QID: 38142 and the Qualys scanner found the below weak ciphers on a registered port:

TLSv1 SUPPORTS CIPHERS WITH NO AUTHENTICATION

ADH-DES-CBC3-SHA DH None SHA1 3DES(168) MEDIUM

ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM

ADH-AES256-SHA DH None SHA1 AES(256) HIGH

ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128) MEDIUM

ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) HIGH

ADH-SEED-SHA DH None SHA1 SEED(128) MEDIUM

It looks like these are all Anonymous Diffie-Hellman. The problem is that I cannot find these ciphers anywhere to disable. The solution gave a bunch of Microsoft sites to assist, but I still can’t locate where these ciphers are. The vulnerability was discovered on Windows Server 2008 running IIS. I can’t install any tools on this server and all remediation needs to be performed locally, so this will have to be a manual process.

I would appreciate any guidance or assistance you can provide!
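
For triaging a finding like the one quoted above, this added example (not part of the original post and not Qualys code) parses rows in that layout and lists the suites that offer no server authentication. The column order is an assumption inferred from the quoted rows, and the ADH-/AECDH- name check is an added cross-check based on OpenSSL's naming of anonymous suites.

```python
import re
from collections import namedtuple

# Rows copied from the scan result quoted in the post (blank lines dropped).
SAMPLE_REPORT = """\
TLSv1 SUPPORTS CIPHERS WITH NO AUTHENTICATION
ADH-DES-CBC3-SHA DH None SHA1 3DES(168) MEDIUM
ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM
ADH-AES256-SHA DH None SHA1 AES(256) HIGH
ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128) MEDIUM
ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) HIGH
ADH-SEED-SHA DH None SHA1 SEED(128) MEDIUM
"""
CipherRow = namedtuple("CipherRow", "protocol name kx auth mac enc bits grade")
# Assumed column order (inferred from the rows above):
# name, key exchange, authentication, MAC, encryption(bits), grade.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\w+)\((\d+)\)\s+(LOW|MEDIUM|HIGH)$")
HEADER_RE = re.compile(r"^((?:SSLv|TLSv)[\d.]+)\s")

def parse_report(text):
    """Return one CipherRow per cipher line, tagged with its protocol header."""
    rows, protocol = [], None
    for line in map(str.strip, text.splitlines()):
        row, header = ROW_RE.match(line), HEADER_RE.match(line)
        if row:
            name, kx, auth, mac, enc, bits, grade = row.groups()
            rows.append(CipherRow(protocol, name, kx, auth, mac, enc, int(bits), grade))
        elif header:
            protocol = header.group(1)
    return rows

def is_anonymous(row):
    """No server authentication: auth column is None, or an OpenSSL-style
    anonymous suite name (ADH-/AECDH- prefix) as a cross-check."""
    return row.auth.lower() == "none" or row.name.startswith(("ADH-", "AECDH-"))

def anonymous_by_protocol(rows):
    """Map protocol -> anonymous suite names. The strength grade is ignored:
    a HIGH-grade suite without authentication is still open to impersonation."""
    found = {}
    for row in rows:
        if is_anonymous(row):
            found.setdefault(row.protocol, []).append(row.name)
    return found

if __name__ == "__main__":
    for proto, names in anonymous_by_protocol(parse_report(SAMPLE_REPORT)).items():
        print(f"{proto}: {len(names)} anonymous suites: {', '.join(names)}")
```
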


