SSL Version 2 (v2) Protocol Detection

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote service encrypts traffic using a protocol with known
weaknesses.

Description :

The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.

See also :

http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.linux4beginners.info/node/disable-sslv2

Solution :

Consult the application's documentation to disable SSL 2.0 and use
SSL 3.0, TLS 1.0, or higher instead.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Service detection

Nessus Plugin ID: 20007 ()

Bugtraq ID:

CVE ID: CVE-2005-2969