Netzwerk Sicherheits Prüfungen / Anfälligkeitsfeststellung von SecuritySpace

Kategorie: SSL and TLS

ID # Risk

1.3.6.1.4.1.25623.1.0.902816 Sonstige SSL/TLS: Report Medium Cipher Suites

1.3.6.1.4.1.25623.1.0.900238 Sonstige SSL/TLS: Cipher Settings

1.3.6.1.4.1.25623.1.0.900234 Sonstige SSL/TLS: Check Supported Cipher Suites

1.3.6.1.4.1.25623.1.0.805188 Mittel SSL/TLS: 'DHE_EXPORT' MITM Security Bypass Vulnerability (LogJam)

1.3.6.1.4.1.25623.1.0.805142 Mittel SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)

1.3.6.1.4.1.25623.1.0.802087 Mittel SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)

1.3.6.1.4.1.25623.1.0.802067 Sonstige SSL/TLS: Report Supported Cipher Suites

1.3.6.1.4.1.25623.1.0.15901 Sonstige SSL/TLS: Certificate Expiry

1.3.6.1.4.1.25623.1.0.150749 Mittel SSL/TLS: Server Certificate / Certificate in Chain with ECC keys less than 224 bits

1.3.6.1.4.1.25623.1.0.150713 Mittel Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.150712 Mittel Weak (Small) Public Key Size(s) (SSH)

1.3.6.1.4.1.25623.1.0.150711 Mittel SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 1024 bits

1.3.6.1.4.1.25623.1.0.150710 Mittel SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 2048 bits

1.3.6.1.4.1.25623.1.0.147122 Mittel SSL/TLS: Known Compromised Certificate Detection

1.3.6.1.4.1.25623.1.0.147115 Sonstige SSL/TLS: Client Certificate Required (HTTP)

1.3.6.1.4.1.25623.1.0.140152 Sonstige SSL/TLS: Microsoft Remote Desktop Protocol STARTTLS Detection

1.3.6.1.4.1.25623.1.0.117840 Mittel Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

1.3.6.1.4.1.25623.1.0.117839 Mittel Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)

1.3.6.1.4.1.25623.1.0.117810 Sonstige SSL/TLS: Client Certificate Required

1.3.6.1.4.1.25623.1.0.117764 Sonstige SSL/TLS: Untrusted Certificate Detection

1.3.6.1.4.1.25623.1.0.117761 Mittel SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)

1.3.6.1.4.1.25623.1.0.117758 Hoch SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)

1.3.6.1.4.1.25623.1.0.117757 Sonstige SSL/TLS: Safe/Secure Renegotiation Support Status

1.3.6.1.4.1.25623.1.0.117687 Mittel Weak Host Key Algorithm(s) (SSH)

1.3.6.1.4.1.25623.1.0.117414 Mittel SSL/TLS: BREACH attack against HTTP compression

1.3.6.1.4.1.25623.1.0.117274 Mittel SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection

1.3.6.1.4.1.25623.1.0.113054 Mittel SSL/TLS: Known Untrusted / Dangerous Certificate Authority (CA) Detection

1.3.6.1.4.1.25623.1.0.113045 Sonstige SSL/TLS: Expect Certificate Transparency (Expect-CT) Detection

1.3.6.1.4.1.25623.1.0.111012 Mittel SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection

1.3.6.1.4.1.25623.1.0.111010 Sonstige SSL/TLS: Hostname discovery from server certificate

1.3.6.1.4.1.25623.1.0.108553 Sonstige SSL/TLS: FTP Missing Support For AUTH TLS

1.3.6.1.4.1.25623.1.0.108552 Sonstige SSL/TLS: POP3 Missing Support For STLS

1.3.6.1.4.1.25623.1.0.108551 Sonstige SSL/TLS: IMAP Missing Support For STARTTLS

1.3.6.1.4.1.25623.1.0.108251 Sonstige SSL/TLS: Check for `max-age` Attribute in HSTS Header

1.3.6.1.4.1.25623.1.0.108250 Sonstige SSL/TLS: Check for `max-age` Attribute in HPKP Header

1.3.6.1.4.1.25623.1.0.108249 Sonstige SSL/TLS: `includeSubDomains` Missing in HPKP Header

1.3.6.1.4.1.25623.1.0.108248 Sonstige SSL/TLS: HPKP / HSTS / Expect-CT Headers sent via plain HTTP

1.3.6.1.4.1.25623.1.0.108247 Sonstige SSL/TLS: HTTP Public Key Pinning (HPKP) Missing

1.3.6.1.4.1.25623.1.0.108245 Sonstige SSL/TLS: HTTP Public Key Pinning (HPKP) Detection

1.3.6.1.4.1.25623.1.0.108147 Hoch SSL/TLS: Report 'Anonymous' Cipher Suites

1.3.6.1.4.1.25623.1.0.108099 Sonstige SSL/TLS: NPN / ALPN Extension and Protocol Support Detection

1.3.6.1.4.1.25623.1.0.108094 Mittel SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

1.3.6.1.4.1.25623.1.0.108072 Sonstige SSL/TLS: IRC 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.108071 Sonstige SSL/TLS: MySQL / MariaDB (STARTTLS-like) SSL/TLS Detection

1.3.6.1.4.1.25623.1.0.108031 Mittel SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

1.3.6.1.4.1.25623.1.0.108022 Mittel SSL/TLS: Report 'Null' Cipher Suites

1.3.6.1.4.1.25623.1.0.107141 Mittel SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability

1.3.6.1.4.1.25623.1.0.106237 Mittel SSL/TLS: Certificate In Chain Expired

1.3.6.1.4.1.25623.1.0.106223 Mittel SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability

1.3.6.1.4.1.25623.1.0.105891 Sonstige SSL/TLS: Certificate In Chain Will Soon Expire

1.3.6.1.4.1.25623.1.0.105887 Sonstige SSL/TLS: Get Certificate Chain

1.3.6.1.4.1.25623.1.0.105884 Sonstige SSL/TLS: SNI Support Detection

1.3.6.1.4.1.25623.1.0.105880 Mittel SSL/TLS: Certificate Signed Using A Weak Signature Algorithm

1.3.6.1.4.1.25623.1.0.105879 Sonstige SSL/TLS: HTTP Strict Transport Security (HSTS) Missing

1.3.6.1.4.1.25623.1.0.105878 Sonstige SSL/TLS: `preload` Missing in HSTS Header

1.3.6.1.4.1.25623.1.0.105877 Sonstige SSL/TLS: `includeSubDomains` Missing in HSTS Header

1.3.6.1.4.1.25623.1.0.105876 Sonstige SSL/TLS: HTTP Strict Transport Security (HSTS) Detection

1.3.6.1.4.1.25623.1.0.105782 Sonstige SSL/TLS: Version Detection

1.3.6.1.4.1.25623.1.0.105611 Mittel Weak Encryption Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.105610 Mittel Weak MAC Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.105497 Hoch Known SSH Host Key

1.3.6.1.4.1.25623.1.0.105483 Sonstige SSL/TLS: TLS_FALLBACK_SCSV Detection

1.3.6.1.4.1.25623.1.0.105092 Sonstige SSL/TLS: Perfect Forward Secrecy Cipher Suites Missing

1.3.6.1.4.1.25623.1.0.105091 Sonstige SSL/TLS: SMTP Missing Support For STARTTLS

1.3.6.1.4.1.25623.1.0.105042 Hoch SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability

1.3.6.1.4.1.25623.1.0.105018 Sonstige SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites

1.3.6.1.4.1.25623.1.0.105016 Sonstige SSL/TLS: LDAP 'Start TLS OID' Detection

1.3.6.1.4.1.25623.1.0.105015 Sonstige SSL/TLS: NNTP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.105014 Sonstige SSL/TLS: XMPP 'STARTTLS' Extension Detection

1.3.6.1.4.1.25623.1.0.105013 Sonstige SSL/TLS: PostgreSQL SSL/TLS Support Detection (PostgreSQL Protocol)

1.3.6.1.4.1.25623.1.0.105009 Sonstige SSL/TLS: FTP 'AUTH TLS' Command Detection

1.3.6.1.4.1.25623.1.0.105008 Sonstige SSL/TLS: POP3 'STLS' Command Detection

1.3.6.1.4.1.25623.1.0.105007 Sonstige SSL/TLS: IMAP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.103958 Sonstige SSL/TLS: Certificate Too Long Valid

1.3.6.1.4.1.25623.1.0.103957 Sonstige SSL/TLS: Certificate Will Soon Expire

1.3.6.1.4.1.25623.1.0.103956 Sonstige SSL/TLS: Certificate Not Valid Yet

1.3.6.1.4.1.25623.1.0.103955 Mittel SSL/TLS: Certificate Expired

1.3.6.1.4.1.25623.1.0.103936 Mittel SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability

1.3.6.1.4.1.25623.1.0.103823 Sonstige SSL/TLS: Version Detection Report

1.3.6.1.4.1.25623.1.0.103692 Sonstige SSL/TLS: Collect and Report Certificate Details

1.3.6.1.4.1.25623.1.0.103441 Sonstige SSL/TLS: Report Non Weak Cipher Suites

1.3.6.1.4.1.25623.1.0.103440 Mittel SSL/TLS: Report Weak Cipher Suites

1.3.6.1.4.1.25623.1.0.103141 Sonstige SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN

1.3.6.1.4.1.25623.1.0.103140 Sonstige SSL/TLS: Certificate - Self-Signed Certificate Detection

1.3.6.1.4.1.25623.1.0.103118 Sonstige SSL/TLS: SMTP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.102092 Mittel DTLS: Deprecated DTLSv1.0 Detection

ID #	Risk
1.3.6.1.4.1.25623.1.0.902816	Sonstige	SSL/TLS: Report Medium Cipher Suites
1.3.6.1.4.1.25623.1.0.900238	Sonstige	SSL/TLS: Cipher Settings
1.3.6.1.4.1.25623.1.0.900234	Sonstige	SSL/TLS: Check Supported Cipher Suites
1.3.6.1.4.1.25623.1.0.805188	Mittel	SSL/TLS: 'DHE_EXPORT' MITM Security Bypass Vulnerability (LogJam)
1.3.6.1.4.1.25623.1.0.805142	Mittel	SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)
1.3.6.1.4.1.25623.1.0.802087	Mittel	SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
1.3.6.1.4.1.25623.1.0.802067	Sonstige	SSL/TLS: Report Supported Cipher Suites
1.3.6.1.4.1.25623.1.0.15901	Sonstige	SSL/TLS: Certificate Expiry
1.3.6.1.4.1.25623.1.0.150749	Mittel	SSL/TLS: Server Certificate / Certificate in Chain with ECC keys less than 224 bits
1.3.6.1.4.1.25623.1.0.150713	Mittel	Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.150712	Mittel	Weak (Small) Public Key Size(s) (SSH)
1.3.6.1.4.1.25623.1.0.150711	Mittel	SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 1024 bits
1.3.6.1.4.1.25623.1.0.150710	Mittel	SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 2048 bits
1.3.6.1.4.1.25623.1.0.147122	Mittel	SSL/TLS: Known Compromised Certificate Detection
1.3.6.1.4.1.25623.1.0.147115	Sonstige	SSL/TLS: Client Certificate Required (HTTP)
1.3.6.1.4.1.25623.1.0.140152	Sonstige	SSL/TLS: Microsoft Remote Desktop Protocol STARTTLS Detection
1.3.6.1.4.1.25623.1.0.117840	Mittel	Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
1.3.6.1.4.1.25623.1.0.117839	Mittel	Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)
1.3.6.1.4.1.25623.1.0.117810	Sonstige	SSL/TLS: Client Certificate Required
1.3.6.1.4.1.25623.1.0.117764	Sonstige	SSL/TLS: Untrusted Certificate Detection
1.3.6.1.4.1.25623.1.0.117761	Mittel	SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)
1.3.6.1.4.1.25623.1.0.117758	Hoch	SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)
1.3.6.1.4.1.25623.1.0.117757	Sonstige	SSL/TLS: Safe/Secure Renegotiation Support Status
1.3.6.1.4.1.25623.1.0.117687	Mittel	Weak Host Key Algorithm(s) (SSH)
1.3.6.1.4.1.25623.1.0.117414	Mittel	SSL/TLS: BREACH attack against HTTP compression
1.3.6.1.4.1.25623.1.0.117274	Mittel	SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
1.3.6.1.4.1.25623.1.0.113054	Mittel	SSL/TLS: Known Untrusted / Dangerous Certificate Authority (CA) Detection
1.3.6.1.4.1.25623.1.0.113045	Sonstige	SSL/TLS: Expect Certificate Transparency (Expect-CT) Detection
1.3.6.1.4.1.25623.1.0.111012	Mittel	SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
1.3.6.1.4.1.25623.1.0.111010	Sonstige	SSL/TLS: Hostname discovery from server certificate
1.3.6.1.4.1.25623.1.0.108553	Sonstige	SSL/TLS: FTP Missing Support For AUTH TLS
1.3.6.1.4.1.25623.1.0.108552	Sonstige	SSL/TLS: POP3 Missing Support For STLS
1.3.6.1.4.1.25623.1.0.108551	Sonstige	SSL/TLS: IMAP Missing Support For STARTTLS
1.3.6.1.4.1.25623.1.0.108251	Sonstige	SSL/TLS: Check for `max-age` Attribute in HSTS Header
1.3.6.1.4.1.25623.1.0.108250	Sonstige	SSL/TLS: Check for `max-age` Attribute in HPKP Header
1.3.6.1.4.1.25623.1.0.108249	Sonstige	SSL/TLS: `includeSubDomains` Missing in HPKP Header
1.3.6.1.4.1.25623.1.0.108248	Sonstige	SSL/TLS: HPKP / HSTS / Expect-CT Headers sent via plain HTTP
1.3.6.1.4.1.25623.1.0.108247	Sonstige	SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
1.3.6.1.4.1.25623.1.0.108245	Sonstige	SSL/TLS: HTTP Public Key Pinning (HPKP) Detection
1.3.6.1.4.1.25623.1.0.108147	Hoch	SSL/TLS: Report 'Anonymous' Cipher Suites
1.3.6.1.4.1.25623.1.0.108099	Sonstige	SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
1.3.6.1.4.1.25623.1.0.108094	Mittel	SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)
1.3.6.1.4.1.25623.1.0.108072	Sonstige	SSL/TLS: IRC 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.108071	Sonstige	SSL/TLS: MySQL / MariaDB (STARTTLS-like) SSL/TLS Detection
1.3.6.1.4.1.25623.1.0.108031	Mittel	SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
1.3.6.1.4.1.25623.1.0.108022	Mittel	SSL/TLS: Report 'Null' Cipher Suites
1.3.6.1.4.1.25623.1.0.107141	Mittel	SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability
1.3.6.1.4.1.25623.1.0.106237	Mittel	SSL/TLS: Certificate In Chain Expired
1.3.6.1.4.1.25623.1.0.106223	Mittel	SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
1.3.6.1.4.1.25623.1.0.105891	Sonstige	SSL/TLS: Certificate In Chain Will Soon Expire
1.3.6.1.4.1.25623.1.0.105887	Sonstige	SSL/TLS: Get Certificate Chain
1.3.6.1.4.1.25623.1.0.105884	Sonstige	SSL/TLS: SNI Support Detection
1.3.6.1.4.1.25623.1.0.105880	Mittel	SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
1.3.6.1.4.1.25623.1.0.105879	Sonstige	SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
1.3.6.1.4.1.25623.1.0.105878	Sonstige	SSL/TLS: `preload` Missing in HSTS Header
1.3.6.1.4.1.25623.1.0.105877	Sonstige	SSL/TLS: `includeSubDomains` Missing in HSTS Header
1.3.6.1.4.1.25623.1.0.105876	Sonstige	SSL/TLS: HTTP Strict Transport Security (HSTS) Detection
1.3.6.1.4.1.25623.1.0.105782	Sonstige	SSL/TLS: Version Detection
1.3.6.1.4.1.25623.1.0.105611	Mittel	Weak Encryption Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.105610	Mittel	Weak MAC Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.105497	Hoch	Known SSH Host Key
1.3.6.1.4.1.25623.1.0.105483	Sonstige	SSL/TLS: TLS_FALLBACK_SCSV Detection
1.3.6.1.4.1.25623.1.0.105092	Sonstige	SSL/TLS: Perfect Forward Secrecy Cipher Suites Missing
1.3.6.1.4.1.25623.1.0.105091	Sonstige	SSL/TLS: SMTP Missing Support For STARTTLS
1.3.6.1.4.1.25623.1.0.105042	Hoch	SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability
1.3.6.1.4.1.25623.1.0.105018	Sonstige	SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
1.3.6.1.4.1.25623.1.0.105016	Sonstige	SSL/TLS: LDAP 'Start TLS OID' Detection
1.3.6.1.4.1.25623.1.0.105015	Sonstige	SSL/TLS: NNTP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.105014	Sonstige	SSL/TLS: XMPP 'STARTTLS' Extension Detection
1.3.6.1.4.1.25623.1.0.105013	Sonstige	SSL/TLS: PostgreSQL SSL/TLS Support Detection (PostgreSQL Protocol)
1.3.6.1.4.1.25623.1.0.105009	Sonstige	SSL/TLS: FTP 'AUTH TLS' Command Detection
1.3.6.1.4.1.25623.1.0.105008	Sonstige	SSL/TLS: POP3 'STLS' Command Detection
1.3.6.1.4.1.25623.1.0.105007	Sonstige	SSL/TLS: IMAP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.103958	Sonstige	SSL/TLS: Certificate Too Long Valid
1.3.6.1.4.1.25623.1.0.103957	Sonstige	SSL/TLS: Certificate Will Soon Expire
1.3.6.1.4.1.25623.1.0.103956	Sonstige	SSL/TLS: Certificate Not Valid Yet
1.3.6.1.4.1.25623.1.0.103955	Mittel	SSL/TLS: Certificate Expired
1.3.6.1.4.1.25623.1.0.103936	Mittel	SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.103823	Sonstige	SSL/TLS: Version Detection Report
1.3.6.1.4.1.25623.1.0.103692	Sonstige	SSL/TLS: Collect and Report Certificate Details
1.3.6.1.4.1.25623.1.0.103441	Sonstige	SSL/TLS: Report Non Weak Cipher Suites
1.3.6.1.4.1.25623.1.0.103440	Mittel	SSL/TLS: Report Weak Cipher Suites
1.3.6.1.4.1.25623.1.0.103141	Sonstige	SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN
1.3.6.1.4.1.25623.1.0.103140	Sonstige	SSL/TLS: Certificate - Self-Signed Certificate Detection
1.3.6.1.4.1.25623.1.0.103118	Sonstige	SSL/TLS: SMTP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.102092	Mittel	DTLS: Deprecated DTLSv1.0 Detection