Anonymous Key Exchanges Supported (PCI DSS)

Medium Nessus Plugin ID 106457


A service on the remote host supports an unauthenticated key exchange.


At least one of the SSL or TLS services on the remote host supports an anonymous DH or anonymous ECDH cipher. When an anonymous cipher is used, the client does not authenticate the server, so an attacker may intercept and modify encrypted traffic.


Consult the software's manual and reconfigure the service to disable support for anonymous key exchanges.

Plugin Details

Severity: Medium

ID: 106457

File Name: pci_anon_key_exchanges.nasl

Version: 1.3

Type: remote

Family: General

Published: 2018/01/29

Updated: 2020/04/22

Dependencies: 31705

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2.0

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Required KB Items: Settings/PCI_DSS

Excluded KB Items: Settings/PCI_DSS_local_checks