The OpenSSL version on the remote host allows resuming SSL sessions with a weaker cipher than the one initially negotiated, leading to a potential security vulnerability.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
OpenSSL | Vulnerability in OpenSSL CVE-2010-4180 | 2 Dec 2010 00:00 | - | openssl |
Veracode | Insecure TLS Configuration | 10 Apr 2020 00:56 | - | veracode |
Tenable Nessus | Fedora 14 : openssl-1.0.0c-1.fc14 (2010-18765) | 12 Dec 2010 00:00 | - | nessus |
Tenable Nessus | RHEL 6 : openssl (RHSA-2010:0979) | 14 Dec 2010 00:00 | - | nessus |
Tenable Nessus | SuSE9 Security Update : OpenSSL (YOU Patch Number 12701) | 4 May 2011 00:00 | - | nessus |
Tenable Nessus | Mandriva Linux Security Advisory : openssl (MDVSA-2010:248) | 8 Dec 2010 00:00 | - | nessus |
Tenable Nessus | OpenSSL 0.9.8 < 0.9.8q Vulnerability | 7 Jun 2024 00:00 | - | nessus |
Tenable Nessus | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7462) | 13 Dec 2011 00:00 | - | nessus |
Tenable Nessus | openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0014-1) | 13 Jun 2014 00:00 | - | nessus |
Tenable Nessus | SuSE 11.1 Security Update : libopenssl (SAT Patch Number 3661) | 21 Jan 2011 00:00 | - | nessus |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
openssl | www.openssl.org/news/secadv/20101202.txt |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# Capability guard: stop right away (exit code 0, with a message) when the
# interpreter does not provide a socketpair() builtin. Nothing visible in this
# script calls socketpair(), so this presumably acts as an engine-generation
# check rather than a functional requirement -- confirm.
if (!defined_func("socketpair")) exit(0, "socketpair() not defined.");
# Second guard on the interpreter level: exit silently below 4000.
# NOTE(review): the file header declares NASL_MIN_LEVEL 70300, which looks
# stricter than this check -- confirm whether this guard is still reachable.
if ( NASL_LEVEL < 4000 ) exit(0);
# Shared include files; their contents are not shown here.
include('deprecated_nasl_level.inc');
include('compat.inc');
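# Registration section: executed when the scanner evaluates the script with
# `description` set. It only declares metadata and scheduling constraints and
# then exits, so none of the reporting logic below runs in this mode.
if (description)
{
  script_id(51892);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # Public identifiers this finding maps to.
  script_cve_id("CVE-2010-4180");
  script_bugtraq_id(45164);

  script_name(english:"OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue");

  script_set_attribute(attribute:"synopsis", value:
"The remote host allows resuming SSL sessions with a weaker cipher
than the one originally negotiated.");
  script_set_attribute(attribute:"description", value:
"The version of OpenSSL on the remote host has been shown to allow
resuming session with a weaker cipher than was used when the session
was initiated. This means that an attacker that sees (i.e., by
sniffing) the start of an SSL connection can manipulate the OpenSSL
session cache to cause subsequent resumptions of that session to use a
weaker cipher chosen by the attacker.
Note that other SSL implementations may also be affected by this
vulnerability.");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20101202.txt");

  # Remediation text shown to the operator. OpenSSL release names put the
  # letter suffix directly on the version number (1.0.0c, like 0.9.8q); the
  # earlier "1.0.0.c" spelling named a release that does not exist.
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL 0.9.8q / 1.0.0c or later, or contact your vendor for a patch.");

  # CVSS v2 base vector: network-reachable, medium access complexity, no
  # authentication, partial integrity impact, no confidentiality or
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/07");

  # Declared as a remote check against the generic OpenSSL CPE.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  # NOTE(review): presumably this restricts the plugin to scans that have
  # thorough tests enabled -- confirm against the scan policy semantics.
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  # The code in this file only reads KB entries and builds a report.
  # NOTE(review): the ACT_ATTACK category presumably reflects the probing done
  # by the ssl_resume.nasl dependency, which is not shown here -- confirm.
  script_category(ACT_ATTACK);
  script_family(english:"General");
  script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");

  # Scheduling: run after ssl_resume.nasl, and only when the KB key
  # SSL/Resume/Weaker is present.
  script_dependencies("ssl_resume.nasl");
  script_require_keys("SSL/Resume/Weaker");

  exit(0);
}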
include("global_settings.inc");
include("misc_func.inc");
include("ssl_funcs.inc");
# Read the port recorded under SSL/Resume/Weaker, then the encapsulations
# recorded for that port. The *_or_exit helpers end the script when the key is
# absent; per the original note, the KB lookup forks as necessary so each
# recorded value is handled.
port = get_kb_item_or_exit("SSL/Resume/Weaker");
encaps = make_list(get_kb_list_or_exit("SSL/Resume/Weaker/" + port));

# At the lowest report verbosity, raise the bare finding with no per-session
# detail and stop.
if (report_verbosity == 0)
{
  security_warning(port);
  exit(0);
}

# Build one report paragraph per encapsulation, in sorted order.
report = "";
foreach encap (sort(encaps))
{
  # All three values live under the same per-port, per-encapsulation KB path.
  kb_base = "SSL/Resume/Weaker/" + port + "/" + encap;
  session_id = get_kb_item(kb_base + "/Session_ID");
  old_cipher = get_kb_item(kb_base + "/Initial");
  new_cipher = get_kb_item(kb_base + "/Resumed");

  # Only SSLv3 and TLSv1 get a readable label; any other encapsulation value
  # is reported as "Unknown".
  version = "Unknown";
  if (encap == ENCAPS_SSLv3)
    version = "SSLv3";
  else if (encap == ENCAPS_TLSv1)
    version = "TLSv1";

  # `ciphers` is not defined in this script; presumably the cipher name to
  # code table from ssl_funcs.inc -- confirm. A name missing from that table
  # would print without a usable hex code.
  header_text =
    '\nThe server allowed the following session over ' + version + ' to be resumed as follows :' +
    '\n' +
    '\n Session ID : ' + session_id;
  initial_text =
    '\n Initial Cipher : ' + old_cipher + " (0x" + hexstr(ciphers[old_cipher]) + ")";
  resumed_text =
    '\n Resumed Cipher : ' + new_cipher + " (0x" + hexstr(ciphers[new_cipher]) + ")";

  report += header_text + initial_text + resumed_text + '\n';
}

# Raise the finding with the initial/resumed cipher pairs attached, so the
# operator can see which downgrade the server accepted.
security_warning(port:port, extra:report);