SSL Server Allows Anonymous Authentication Vulnerability – QID: 38142
I am having a little issue with a vulnerability found during a Qualys scan. It is for SSL Server Allows Anonymous Authentication Vulnerability – QID: 38142 and the Qualys scanner found the below weak ciphers on a registered port:
TLSv1 SUPPORTS CIPHERS WITH NO AUTHENTICATION
ADH-DES-CBC3-SHA DH None SHA1 3DES(168) MEDIUM
ADH-AES128-SHA DH None SHA1 AES(128) MEDIUM
ADH-AES256-SHA DH None SHA1 AES(256) HIGH
ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128) MEDIUM
ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) HIGH
ADH-SEED-SHA DH None SHA1 SEED(128) MEDIUM
It looks like these are all Anonymous Diffie-Hellman. The problem is that I cannot find these ciphers anywhere to disable. The solution gave a bunch of Microsoft sites to assist, but I still can’t locate where these ciphers are. The vulnerability was discovered on Windows Server 2008 running IIS. I can’t install any tools on this server and all remediation needs to be performed locally, so this will have to be a manual process.
I would appreciate any guidance or assistance you can provide!