ID de Prueba:	1.3.6.1.4.1.25623.1.0.102092
Categoría:	SSL and TLS
Título:	DTLS: Deprecated DTLSv1.0 Detection
Resumen:	It was possible to detect the usage of the deprecated DTLSv1.0; protocol on this system.
Descripción:	Summary: It was possible to detect the usage of the deprecated DTLSv1.0 protocol on this system. Vulnerability Insight: The DTLSv1.0 protocol contains known cryptographic flaws like: - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK) Note: Unlike for TLS there was now DTLSv1.1 protocol version and thus this VT isn't testing for this version. Vulnerability Impact: An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore. Affected Software/OS: All services providing an encrypted communication using the DTLSv1.0 protocol. Solution: It is recommended to disable the deprecated DTLSv1.0 protocol in favor of the DTLSv1.2+ protocols. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0204 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 71936 http://www.securityfocus.com/bid/71936 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Cisco Security Advisory: 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl Debian Security Information: DSA-3125 (Google Search) http://www.debian.org/security/2015/dsa-3125 https://security.gentoo.org/glsa/201503-11 HPdes Security Advisory: HPSBGN03299 http://marc.info/?l=bugtraq&m=142720981827617&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03345 http://marc.info/?l=bugtraq&m=144043644216842&w=2 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03396 http://marc.info/?l=bugtraq&m=144050205101530&w=2 HPdes Security Advisory: HPSBMU03397 http://marc.info/?l=bugtraq&m=144050297101809&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 HPdes Security Advisory: HPSBMU03413 http://marc.info/?l=bugtraq&m=144050254401665&w=2 HPdes Security Advisory: HPSBOV03318 http://marc.info/?l=bugtraq&m=142895206924048&w=2 HPdes Security Advisory: HPSBUX03162 http://marc.info/?l=bugtraq&m=142496179803395&w=2 HPdes Security Advisory: HPSBUX03244 http://marc.info/?l=bugtraq&m=142496289803847&w=2 HPdes Security Advisory: HPSBUX03334 http://marc.info/?l=bugtraq&m=143213830203296&w=2 HPdes Security Advisory: SSRT101885 HPdes Security Advisory: SSRT101987 HPdes Security Advisory: SSRT102000 http://www.mandriva.com/security/advisories?name=MDVSA-2015:019 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://www.mandriva.com/security/advisories?name=MDVSA-2015:063 https://freakattack.com/ RedHat Security Advisories: RHSA-2015:0066 http://rhn.redhat.com/errata/RHSA-2015-0066.html RedHat Security Advisories: RHSA-2015:0800 http://rhn.redhat.com/errata/RHSA-2015-0800.html RedHat Security Advisories: RHSA-2015:0849 http://rhn.redhat.com/errata/RHSA-2015-0849.html RedHat Security Advisories: RHSA-2016:1650 http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.securitytracker.com/id/1033378 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html SuSE Security Announcement: SUSE-SU-2015:1085 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html SuSE Security Announcement: SUSE-SU-2015:1086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html SuSE Security Announcement: SUSE-SU-2015:1138 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html SuSE Security Announcement: SUSE-SU-2015:1161 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html SuSE Security Announcement: SUSE-SU-2015:2168 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html SuSE Security Announcement: SUSE-SU-2015:2182 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html SuSE Security Announcement: SUSE-SU-2015:2216 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html SuSE Security Announcement: openSUSE-SU-2015:0130 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html XForce ISS Database: openssl-cve20150204-weak-security(99707) https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.