SSL Anonymous Cipher Suites Supported
Low Nessus Plugin ID 31705
SynopsisThe remote service supports the use of anonymous SSL ciphers.
DescriptionThe remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
SolutionReconfigure the affected application if possible to avoid use of weak ciphers.