Report
Report
Report
Summary
This document reports on the results of an automatic security scan. All dates are dis-
played using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was Immediate scan of IP 192.168.16.140. The scan started at Sat Jul 20 17:57:16
2024 UTC and ended at Sat Jul 20 18:09:22 2024 UTC. The report rst summarises the
results found. Then, for each host, the report describes every issue found. Please consider
the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview 2
2 Results per Host 2
2.1 192.168.16.140 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1
2 RESULTS PER HOST 2
1 Result Overview
This report contains all 3 results selected by the ltering described above. Before ltering there
were 26 results.
Summary
Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC ser-
vices running on the remote host can be enumerated by connecting on port 135 and doing the
appropriate queries.
Impact
An attacker may use this fact to gain more knowledge about the remote host.
Solution:
Solution type: Mitigation
Filter incoming trac to this ports.
[ return to 192.168.16.140 ]
Summary
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this
system.
Quality of Detection: 98
Impact
. . . continues on next page . . .
2 RESULTS PER HOST 5
Solution:
Solution type: Mitigation
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.
Aected Software/OS
All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.
Vulnerability Insight
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic aws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded
Legacy Encryption (FREAK)
References
cve: CVE-2011-3389
cve: CVE-2015-0204
url: https://ssl-config.mozilla.org/
url: https://bettercrypto.org/
url: https://datatracker.ietf.org/doc/rfc8996/
url: https://vnhacker.blogspot.com/2011/09/beast.html
url: https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
url: https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters
,→-report-2014
cert-bund: WID-SEC-2023-1435
cert-bund: CB-K18/0799
cert-bund: CB-K16/1289
cert-bund: CB-K16/1096
cert-bund: CB-K15/1751
cert-bund: CB-K15/1266
cert-bund: CB-K15/0850
cert-bund: CB-K15/0764
cert-bund: CB-K15/0720
cert-bund: CB-K15/0548
. . . continues on next page . . .
2 RESULTS PER HOST 6
[ return to 192.168.16.140 ]
Summary
The remote host responded to an ICMP timestamp request.
Quality of Detection: 80
Impact
This information could theoretically be used to exploit weak time-based random number gener-
ators in other services.
Solution:
Solution type: Mitigation
Various mitigations are possible:
- Disable the support for ICMP timestamp on the remote host completely
- Protect the remote host by a rewall, and block ICMP packets passing through the rewall in
either direction (either completely or only for untrusted networks)
Vulnerability Insight
The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists
of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp
and a transmit timestamp.
References
cve: CVE-1999-0524
url: https://datatracker.ietf.org/doc/html/rfc792
url: https://datatracker.ietf.org/doc/html/rfc2780
cert-bund: CB-K15/1514
cert-bund: CB-K14/0632
dfn-cert: DFN-CERT-2014-0658
[ return to 192.168.16.140 ]
2 RESULTS PER HOST 9