Description

The remote host supports TLS/SSL cipher suites with weak or insecure properties.

Remediation

Reconfigure the affected application to avoid use of weak cipher suites.

References

OWASP: TLS Cipher String Cheat Sheet

OWASP: Transport Layer Protection Cheat Sheet

Mozilla: TLS Cipher Suite Recommendations

SSLlabs: SSL and TLS Deployment Best Practices

RFC 9155: Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2

Related Vulnerabilities

An Unsafe Content Security Policy (CSP) Directive in Use

Express Development Mode enabled

Content Security Policy (CSP) Contains Out of Scope report-uri Domain

Insecure Transportation Security Protocol Supported (SSLv2)

OSGi Management Console Default Credentials

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto