OpenSSL < 0.9.5a /dev/random Check Failure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote host uses a version of OpenSSL that may have weak
encryption keys.

Description :

According to its banner, the version of OpenSSL running on the remote
host is earlier than 0.9.5a. On a FreeBSD system running on the Alpha
architecture, such versions may not use the /dev/random and
/dev/urandom devices as a strong source of cryptographic entropy,
which could lead to the generation of keys with weak cryptographic
strength.

Solution :

Upgrade OpenSSL to version 0.9.5a or higher and re-generate encryption

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.8

Family: Web Servers

Nessus Plugin ID: 17707

Bugtraq ID: 1340

CVE ID: CVE-2000-0535
