SSL Anonymous Cipher Suites Supported
Low Nessus Plugin ID 31705
SynopsisThe remote service supports the use of anonymous SSL ciphers.
DescriptionThe remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
SolutionReconfigure the affected application if possible to avoid use of weak