TLS 1.0 Weak Protocol

Medium Web Application Scanning Plugin ID 112496

Synopsis

TLS 1.0 Weak Protocol

Description

The remote server offers deprecated TLS 1.0 protocol which can lead to weaknesses.

Solution

Reconfigure the affected application, if possible to avoid the use of deprecated TLS 1.0 protocol.

See Also

https://security.googleblog.com/2018/10/modernizing-transport-security.html

https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/

https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/

Plugin Details

Severity: Medium

ID: 112496

Type: remote

Family: SSL/TLS

Published: 2018/10/03

Updated: 2019/02/13

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Reference Information

CWE: 327

WASC: Insufficient Transport Layer Protection

OWASP: 2010-A9, 2013-A6, 2017-A3