SSL Anonymous Cipher Suites Supported

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.

Synopsis :

The remote service supports the use of anonymous SSL ciphers.

Description :

The remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.

Note: This is considerably easier to exploit if the attacker is on the
same physical network.

See also :

Solution :

Reconfigure the affected application if possible to avoid use of weak

Risk factor :

Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.3
Public Exploit Available : true

Family: Service detection

Nessus Plugin ID: 31705 ()

Bugtraq ID: 28482

CVE ID: CVE-2007-1858