Anonymous Key Exchanges Supported (PCI DSS)

Severity: Medium | Nessus Plugin ID 106457

Synopsis

A service on the remote host supports an unauthenticated key exchange.

Description

At least one of the SSL or TLS services on the remote host supports an anonymous DH or anonymous ECDH cipher suite. When an anonymous cipher suite is negotiated, the client never authenticates the server, so an attacker positioned between client and server can intercept and modify the encrypted traffic.

Solution

Consult the software's manual and reconfigure the service to disable support for anonymous key exchanges.
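The fix for this finding is a cipher configuration that excludes the aNULL suites; the check below is an added example (not Tenable's plugin code and not from any vendor manual) showing how an administrator can confirm that before and after reconfiguring. It parses the `openssl ciphers -v` listing format, flags every suite whose `Au=None`, and expands an OpenSSL cipher string with the local library via Python's `ssl` module to see whether anonymous suites would still be enabled. The cipher listing is constructed sample data, not output from a real host.

```python
"""Flag anonymous (Au=None) cipher suites in OpenSSL-style cipher listings."""
import re
import ssl

# Constructed sample in the layout of `openssl ciphers -v` (not captured from a real host).
SAMPLE_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384       TLSv1.2 Kx=DH       Au=None  Enc=AESGCM(256) Mac=AEAD
AECDH-AES128-SHA            TLSv1   Kx=ECDH     Au=None  Enc=AES(128)    Mac=SHA1
DHE-RSA-AES128-SHA256       TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)    Mac=SHA256
"""

# One listing line: suite name, protocol, key exchange (Kx=...), authentication (Au=...).
LINE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)")


def parse_cipher_lines(text):
    """Parse `openssl ciphers -v` style lines into dicts; unparseable lines are skipped."""
    suites = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            suites.append(match.groupdict())
    return suites


def anonymous_suites(text):
    """Return suite names with Au=None, i.e. the server never proves its identity.

    These are the anonymous DH (ADH-*) and anonymous ECDH (AECDH-*) suites that
    Nessus plugin 106457 reports when a service still offers them.
    """
    return [s["name"] for s in parse_cipher_lines(text) if s["au"] == "None"]


def anonymous_in_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string with the local library and list anonymous suites.

    SSLContext.get_ciphers() returns, per suite, a 'description' field in the same
    layout as `openssl ciphers -v`, so the listing parser above is reused on it.
    The result depends on which suites the local OpenSSL build has compiled in.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    listing = "\n".join(c["description"] for c in ctx.get_ciphers())
    return anonymous_suites(listing)


if __name__ == "__main__":
    print("Anonymous suites in sample listing:", anonymous_suites(SAMPLE_CIPHERS_V))
    # A hardened cipher string explicitly removes the anonymous (aNULL) suites.
    print("Anonymous suites after '!aNULL':", anonymous_in_cipher_string("DEFAULT:!aNULL:!eNULL"))
```

To review a live service's configuration, feed the server's configured cipher string to `anonymous_in_cipher_string`, or paste the output of `openssl ciphers -v '<the string>'` into `anonymous_suites`; an empty result means no anonymous key exchange can be negotiated with that string. Appending `:!aNULL` is the standard way to remove these suites in any OpenSSL-based cipher configuration.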

Plugin Details

Severity: Medium

ID: 106457

File Name: pci_anon_key_exchanges.nasl

Version: 1.3

Type: remote

Family: General

Published: 1/29/2018

Updated: 4/22/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Required KB Items: Settings/PCI_DSS

Excluded KB Items: Settings/PCI_DSS_local_checks