Check For SSL Weak Ciphers Network Vulnerability

Summary

This routine search for weak SSL ciphers offered by a service.

Solution

The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

Insight

These rules are applied for the evaluation of the cryptographic strength: - Any SSL/TLS using no cipher is considered weak. - All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol. - RC4 is considered to be weak. - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak. - 1024 bit RSA authentication is considered to be insecure and therefore as weak. - CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks - Any cipher considered to be secure for only the next 10 years is considered as medium - Any other cipher is considered as strong

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Arris DOCSIS Password Disclosure
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
Apache Tomcat servlet/JSP container default files
Apple Safari libxml Denial of Service Vulnerability

Check for SSL Weak Ciphers

Take action and discover your vulnerabilities