Auditorías de Seguridad / Evaluación de vulnerabilidades de SecuritySpace

Categoría: SSL and TLS

ID # Riesgo Título de la Prueba

1.3.6.1.4.1.25623.1.0.902816 Otro SSL/TLS: Report Medium Cipher Suites

1.3.6.1.4.1.25623.1.0.900238 Otro SSL/TLS: Cipher Settings

1.3.6.1.4.1.25623.1.0.900234 Otro SSL/TLS: Check Supported Cipher Suites

1.3.6.1.4.1.25623.1.0.805188 Medio SSL/TLS: 'DHE_EXPORT' MITM Security Bypass Vulnerability (LogJam)

1.3.6.1.4.1.25623.1.0.805142 Medio SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)

1.3.6.1.4.1.25623.1.0.802087 Medio SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)

1.3.6.1.4.1.25623.1.0.802067 Otro SSL/TLS: Report Supported Cipher Suites

1.3.6.1.4.1.25623.1.0.15901 Otro SSL/TLS: Certificate Expiry

1.3.6.1.4.1.25623.1.0.150749 Medio SSL/TLS: Server Certificate / Certificate in Chain with ECC keys less than 224 bits

1.3.6.1.4.1.25623.1.0.150713 Medio Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.150712 Medio Weak (Small) Public Key Size(s) (SSH)

1.3.6.1.4.1.25623.1.0.150711 Medio SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 1024 bits

1.3.6.1.4.1.25623.1.0.150710 Medio SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 2048 bits

1.3.6.1.4.1.25623.1.0.147122 Medio SSL/TLS: Known Compromised Certificate Detection

1.3.6.1.4.1.25623.1.0.147115 Otro SSL/TLS: Client Certificate Required (HTTP)

1.3.6.1.4.1.25623.1.0.140152 Otro SSL/TLS: Microsoft Remote Desktop Protocol STARTTLS Detection

1.3.6.1.4.1.25623.1.0.117840 Medio Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

1.3.6.1.4.1.25623.1.0.117839 Medio Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)

1.3.6.1.4.1.25623.1.0.117810 Otro SSL/TLS: Client Certificate Required

1.3.6.1.4.1.25623.1.0.117764 Otro SSL/TLS: Untrusted Certificate Detection

1.3.6.1.4.1.25623.1.0.117761 Medio SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)

1.3.6.1.4.1.25623.1.0.117758 Alto SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)

1.3.6.1.4.1.25623.1.0.117757 Otro SSL/TLS: Safe/Secure Renegotiation Support Status

1.3.6.1.4.1.25623.1.0.117687 Medio Weak Host Key Algorithm(s) (SSH)

1.3.6.1.4.1.25623.1.0.117414 Medio SSL/TLS: BREACH attack against HTTP compression

1.3.6.1.4.1.25623.1.0.117274 Medio SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection

1.3.6.1.4.1.25623.1.0.113054 Medio SSL/TLS: Known Untrusted / Dangerous Certificate Authority (CA) Detection

1.3.6.1.4.1.25623.1.0.113045 Otro SSL/TLS: Expect Certificate Transparency (Expect-CT) Detection

1.3.6.1.4.1.25623.1.0.111012 Medio SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection

1.3.6.1.4.1.25623.1.0.111010 Otro SSL/TLS: Hostname discovery from server certificate

1.3.6.1.4.1.25623.1.0.108553 Otro SSL/TLS: FTP Missing Support For AUTH TLS

1.3.6.1.4.1.25623.1.0.108552 Otro SSL/TLS: POP3 Missing Support For STLS

1.3.6.1.4.1.25623.1.0.108551 Otro SSL/TLS: IMAP Missing Support For STARTTLS

1.3.6.1.4.1.25623.1.0.108251 Otro SSL/TLS: Check for `max-age` Attribute in HSTS Header

1.3.6.1.4.1.25623.1.0.108250 Otro SSL/TLS: Check for `max-age` Attribute in HPKP Header

1.3.6.1.4.1.25623.1.0.108249 Otro SSL/TLS: `includeSubDomains` Missing in HPKP Header

1.3.6.1.4.1.25623.1.0.108248 Otro SSL/TLS: HPKP / HSTS / Expect-CT Headers sent via plain HTTP

1.3.6.1.4.1.25623.1.0.108247 Otro SSL/TLS: HTTP Public Key Pinning (HPKP) Missing

1.3.6.1.4.1.25623.1.0.108245 Otro SSL/TLS: HTTP Public Key Pinning (HPKP) Detection

1.3.6.1.4.1.25623.1.0.108147 Alto SSL/TLS: Report 'Anonymous' Cipher Suites

1.3.6.1.4.1.25623.1.0.108099 Otro SSL/TLS: NPN / ALPN Extension and Protocol Support Detection

1.3.6.1.4.1.25623.1.0.108094 Medio SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

1.3.6.1.4.1.25623.1.0.108072 Otro SSL/TLS: IRC 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.108071 Otro SSL/TLS: MySQL / MariaDB (STARTTLS-like) SSL/TLS Detection

1.3.6.1.4.1.25623.1.0.108031 Medio SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

1.3.6.1.4.1.25623.1.0.108022 Medio SSL/TLS: Report 'Null' Cipher Suites

1.3.6.1.4.1.25623.1.0.107141 Medio SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability

1.3.6.1.4.1.25623.1.0.106237 Medio SSL/TLS: Certificate In Chain Expired

1.3.6.1.4.1.25623.1.0.106223 Medio SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability

1.3.6.1.4.1.25623.1.0.105891 Otro SSL/TLS: Certificate In Chain Will Soon Expire

1.3.6.1.4.1.25623.1.0.105887 Otro SSL/TLS: Get Certificate Chain

1.3.6.1.4.1.25623.1.0.105884 Otro SSL/TLS: SNI Support Detection

1.3.6.1.4.1.25623.1.0.105880 Medio SSL/TLS: Certificate Signed Using A Weak Signature Algorithm

1.3.6.1.4.1.25623.1.0.105879 Otro SSL/TLS: HTTP Strict Transport Security (HSTS) Missing

1.3.6.1.4.1.25623.1.0.105878 Otro SSL/TLS: `preload` Missing in HSTS Header

1.3.6.1.4.1.25623.1.0.105877 Otro SSL/TLS: `includeSubDomains` Missing in HSTS Header

1.3.6.1.4.1.25623.1.0.105876 Otro SSL/TLS: HTTP Strict Transport Security (HSTS) Detection

1.3.6.1.4.1.25623.1.0.105782 Otro SSL/TLS: Version Detection

1.3.6.1.4.1.25623.1.0.105611 Medio Weak Encryption Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.105610 Medio Weak MAC Algorithm(s) Supported (SSH)

1.3.6.1.4.1.25623.1.0.105497 Alto Known SSH Host Key

1.3.6.1.4.1.25623.1.0.105483 Otro SSL/TLS: TLS_FALLBACK_SCSV Detection

1.3.6.1.4.1.25623.1.0.105092 Otro SSL/TLS: Perfect Forward Secrecy Cipher Suites Missing

1.3.6.1.4.1.25623.1.0.105091 Otro SSL/TLS: SMTP Missing Support For STARTTLS

1.3.6.1.4.1.25623.1.0.105042 Alto SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability

1.3.6.1.4.1.25623.1.0.105018 Otro SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites

1.3.6.1.4.1.25623.1.0.105016 Otro SSL/TLS: LDAP 'Start TLS OID' Detection

1.3.6.1.4.1.25623.1.0.105015 Otro SSL/TLS: NNTP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.105014 Otro SSL/TLS: XMPP 'STARTTLS' Extension Detection

1.3.6.1.4.1.25623.1.0.105013 Otro SSL/TLS: PostgreSQL SSL/TLS Support Detection (PostgreSQL Protocol)

1.3.6.1.4.1.25623.1.0.105009 Otro SSL/TLS: FTP 'AUTH TLS' Command Detection

1.3.6.1.4.1.25623.1.0.105008 Otro SSL/TLS: POP3 'STLS' Command Detection

1.3.6.1.4.1.25623.1.0.105007 Otro SSL/TLS: IMAP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.103958 Otro SSL/TLS: Certificate Too Long Valid

1.3.6.1.4.1.25623.1.0.103957 Otro SSL/TLS: Certificate Will Soon Expire

1.3.6.1.4.1.25623.1.0.103956 Otro SSL/TLS: Certificate Not Valid Yet

1.3.6.1.4.1.25623.1.0.103955 Medio SSL/TLS: Certificate Expired

1.3.6.1.4.1.25623.1.0.103936 Medio SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability

1.3.6.1.4.1.25623.1.0.103823 Otro SSL/TLS: Version Detection Report

1.3.6.1.4.1.25623.1.0.103692 Otro SSL/TLS: Collect and Report Certificate Details

1.3.6.1.4.1.25623.1.0.103441 Otro SSL/TLS: Report Non Weak Cipher Suites

1.3.6.1.4.1.25623.1.0.103440 Medio SSL/TLS: Report Weak Cipher Suites

1.3.6.1.4.1.25623.1.0.103141 Otro SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN

1.3.6.1.4.1.25623.1.0.103140 Otro SSL/TLS: Certificate - Self-Signed Certificate Detection

1.3.6.1.4.1.25623.1.0.103118 Otro SSL/TLS: SMTP 'STARTTLS' Command Detection

1.3.6.1.4.1.25623.1.0.102092 Medio DTLS: Deprecated DTLSv1.0 Detection

ID #	Riesgo	Título de la Prueba
1.3.6.1.4.1.25623.1.0.902816	Otro	SSL/TLS: Report Medium Cipher Suites
1.3.6.1.4.1.25623.1.0.900238	Otro	SSL/TLS: Cipher Settings
1.3.6.1.4.1.25623.1.0.900234	Otro	SSL/TLS: Check Supported Cipher Suites
1.3.6.1.4.1.25623.1.0.805188	Medio	SSL/TLS: 'DHE_EXPORT' MITM Security Bypass Vulnerability (LogJam)
1.3.6.1.4.1.25623.1.0.805142	Medio	SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)
1.3.6.1.4.1.25623.1.0.802087	Medio	SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
1.3.6.1.4.1.25623.1.0.802067	Otro	SSL/TLS: Report Supported Cipher Suites
1.3.6.1.4.1.25623.1.0.15901	Otro	SSL/TLS: Certificate Expiry
1.3.6.1.4.1.25623.1.0.150749	Medio	SSL/TLS: Server Certificate / Certificate in Chain with ECC keys less than 224 bits
1.3.6.1.4.1.25623.1.0.150713	Medio	Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.150712	Medio	Weak (Small) Public Key Size(s) (SSH)
1.3.6.1.4.1.25623.1.0.150711	Medio	SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 1024 bits
1.3.6.1.4.1.25623.1.0.150710	Medio	SSL/TLS: Server Certificate / Certificate in Chain with RSA keys less than 2048 bits
1.3.6.1.4.1.25623.1.0.147122	Medio	SSL/TLS: Known Compromised Certificate Detection
1.3.6.1.4.1.25623.1.0.147115	Otro	SSL/TLS: Client Certificate Required (HTTP)
1.3.6.1.4.1.25623.1.0.140152	Otro	SSL/TLS: Microsoft Remote Desktop Protocol STARTTLS Detection
1.3.6.1.4.1.25623.1.0.117840	Medio	Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
1.3.6.1.4.1.25623.1.0.117839	Medio	Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)
1.3.6.1.4.1.25623.1.0.117810	Otro	SSL/TLS: Client Certificate Required
1.3.6.1.4.1.25623.1.0.117764	Otro	SSL/TLS: Untrusted Certificate Detection
1.3.6.1.4.1.25623.1.0.117761	Medio	SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)
1.3.6.1.4.1.25623.1.0.117758	Alto	SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)
1.3.6.1.4.1.25623.1.0.117757	Otro	SSL/TLS: Safe/Secure Renegotiation Support Status
1.3.6.1.4.1.25623.1.0.117687	Medio	Weak Host Key Algorithm(s) (SSH)
1.3.6.1.4.1.25623.1.0.117414	Medio	SSL/TLS: BREACH attack against HTTP compression
1.3.6.1.4.1.25623.1.0.117274	Medio	SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
1.3.6.1.4.1.25623.1.0.113054	Medio	SSL/TLS: Known Untrusted / Dangerous Certificate Authority (CA) Detection
1.3.6.1.4.1.25623.1.0.113045	Otro	SSL/TLS: Expect Certificate Transparency (Expect-CT) Detection
1.3.6.1.4.1.25623.1.0.111012	Medio	SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
1.3.6.1.4.1.25623.1.0.111010	Otro	SSL/TLS: Hostname discovery from server certificate
1.3.6.1.4.1.25623.1.0.108553	Otro	SSL/TLS: FTP Missing Support For AUTH TLS
1.3.6.1.4.1.25623.1.0.108552	Otro	SSL/TLS: POP3 Missing Support For STLS
1.3.6.1.4.1.25623.1.0.108551	Otro	SSL/TLS: IMAP Missing Support For STARTTLS
1.3.6.1.4.1.25623.1.0.108251	Otro	SSL/TLS: Check for `max-age` Attribute in HSTS Header
1.3.6.1.4.1.25623.1.0.108250	Otro	SSL/TLS: Check for `max-age` Attribute in HPKP Header
1.3.6.1.4.1.25623.1.0.108249	Otro	SSL/TLS: `includeSubDomains` Missing in HPKP Header
1.3.6.1.4.1.25623.1.0.108248	Otro	SSL/TLS: HPKP / HSTS / Expect-CT Headers sent via plain HTTP
1.3.6.1.4.1.25623.1.0.108247	Otro	SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
1.3.6.1.4.1.25623.1.0.108245	Otro	SSL/TLS: HTTP Public Key Pinning (HPKP) Detection
1.3.6.1.4.1.25623.1.0.108147	Alto	SSL/TLS: Report 'Anonymous' Cipher Suites
1.3.6.1.4.1.25623.1.0.108099	Otro	SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
1.3.6.1.4.1.25623.1.0.108094	Medio	SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)
1.3.6.1.4.1.25623.1.0.108072	Otro	SSL/TLS: IRC 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.108071	Otro	SSL/TLS: MySQL / MariaDB (STARTTLS-like) SSL/TLS Detection
1.3.6.1.4.1.25623.1.0.108031	Medio	SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
1.3.6.1.4.1.25623.1.0.108022	Medio	SSL/TLS: Report 'Null' Cipher Suites
1.3.6.1.4.1.25623.1.0.107141	Medio	SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability
1.3.6.1.4.1.25623.1.0.106237	Medio	SSL/TLS: Certificate In Chain Expired
1.3.6.1.4.1.25623.1.0.106223	Medio	SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
1.3.6.1.4.1.25623.1.0.105891	Otro	SSL/TLS: Certificate In Chain Will Soon Expire
1.3.6.1.4.1.25623.1.0.105887	Otro	SSL/TLS: Get Certificate Chain
1.3.6.1.4.1.25623.1.0.105884	Otro	SSL/TLS: SNI Support Detection
1.3.6.1.4.1.25623.1.0.105880	Medio	SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
1.3.6.1.4.1.25623.1.0.105879	Otro	SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
1.3.6.1.4.1.25623.1.0.105878	Otro	SSL/TLS: `preload` Missing in HSTS Header
1.3.6.1.4.1.25623.1.0.105877	Otro	SSL/TLS: `includeSubDomains` Missing in HSTS Header
1.3.6.1.4.1.25623.1.0.105876	Otro	SSL/TLS: HTTP Strict Transport Security (HSTS) Detection
1.3.6.1.4.1.25623.1.0.105782	Otro	SSL/TLS: Version Detection
1.3.6.1.4.1.25623.1.0.105611	Medio	Weak Encryption Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.105610	Medio	Weak MAC Algorithm(s) Supported (SSH)
1.3.6.1.4.1.25623.1.0.105497	Alto	Known SSH Host Key
1.3.6.1.4.1.25623.1.0.105483	Otro	SSL/TLS: TLS_FALLBACK_SCSV Detection
1.3.6.1.4.1.25623.1.0.105092	Otro	SSL/TLS: Perfect Forward Secrecy Cipher Suites Missing
1.3.6.1.4.1.25623.1.0.105091	Otro	SSL/TLS: SMTP Missing Support For STARTTLS
1.3.6.1.4.1.25623.1.0.105042	Alto	SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability
1.3.6.1.4.1.25623.1.0.105018	Otro	SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
1.3.6.1.4.1.25623.1.0.105016	Otro	SSL/TLS: LDAP 'Start TLS OID' Detection
1.3.6.1.4.1.25623.1.0.105015	Otro	SSL/TLS: NNTP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.105014	Otro	SSL/TLS: XMPP 'STARTTLS' Extension Detection
1.3.6.1.4.1.25623.1.0.105013	Otro	SSL/TLS: PostgreSQL SSL/TLS Support Detection (PostgreSQL Protocol)
1.3.6.1.4.1.25623.1.0.105009	Otro	SSL/TLS: FTP 'AUTH TLS' Command Detection
1.3.6.1.4.1.25623.1.0.105008	Otro	SSL/TLS: POP3 'STLS' Command Detection
1.3.6.1.4.1.25623.1.0.105007	Otro	SSL/TLS: IMAP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.103958	Otro	SSL/TLS: Certificate Too Long Valid
1.3.6.1.4.1.25623.1.0.103957	Otro	SSL/TLS: Certificate Will Soon Expire
1.3.6.1.4.1.25623.1.0.103956	Otro	SSL/TLS: Certificate Not Valid Yet
1.3.6.1.4.1.25623.1.0.103955	Medio	SSL/TLS: Certificate Expired
1.3.6.1.4.1.25623.1.0.103936	Medio	SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.103823	Otro	SSL/TLS: Version Detection Report
1.3.6.1.4.1.25623.1.0.103692	Otro	SSL/TLS: Collect and Report Certificate Details
1.3.6.1.4.1.25623.1.0.103441	Otro	SSL/TLS: Report Non Weak Cipher Suites
1.3.6.1.4.1.25623.1.0.103440	Medio	SSL/TLS: Report Weak Cipher Suites
1.3.6.1.4.1.25623.1.0.103141	Otro	SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN
1.3.6.1.4.1.25623.1.0.103140	Otro	SSL/TLS: Certificate - Self-Signed Certificate Detection
1.3.6.1.4.1.25623.1.0.103118	Otro	SSL/TLS: SMTP 'STARTTLS' Command Detection
1.3.6.1.4.1.25623.1.0.102092	Medio	DTLS: Deprecated DTLSv1.0 Detection