TLS Version 1.0 Protocol Detection (PCI DSS)

30 Jun 2015 00:00:00 | Reported by Tenable | Type: nessus | Source: www.tenable.com

Checks for use of the TLS 1.0 protocol, which is affected by cryptographic flaws and subject to a PCI DSS solution deadline.

Code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84470);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/22");

  script_name(english:"TLS Version 1.0 Protocol Detection (PCI DSS)");
  script_summary(english:"Checks for the use of a deprecated TLS protocol.");

  script_set_attribute(attribute:"synopsis", value:
"The remote service encrypts traffic using a protocol with known
weaknesses.");
  script_set_attribute(attribute:"description", value:
"The remote service accepts connections encrypted using TLS 1.0. This
version of TLS is affected by multiple cryptographic flaws. An
attacker can exploit these flaws to conduct man-in-the-middle attacks
or to decrypt communications between the affected service and clients.");
  script_set_attribute(attribute:"solution", value:
"All processing and third party entities - including Acquirers,
Processors, Gateways and Service Providers must provide a TLS 1.1 or
greater service offering by June 2016. All processing and third party
entities must cutover to a secure version of TLS (as defined by NIST)
effective June 2018.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score from an in depth analysis done by Tenable");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Service detection");

  script_copyright(english:"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssl_supported_ciphers.nasl", "tls10_detection.nasl");
  script_require_keys("SSL/Supported", "Settings/PCI_DSS");
  script_exclude_keys("Settings/PCI_DSS_local_checks");

  exit(0);
}

include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssl_funcs.inc");
include("audit.inc");
include("obj.inc");

if (!get_kb_item("Settings/PCI_DSS")) audit(AUDIT_PCI);
if (get_kb_item("Settings/PCI_DSS_local_checks"))
  exit(1, "This plugin only runs for PCI External scans.");

get_kb_item_or_exit("SSL/Supported");

# Get list of ports that use SSL or StartTLS.
ports = get_ssl_ports();
if (isnull(ports) || max_index(ports) == 0)
  exit(1, "The host does not appear to have any TLS-based services.");

tlsv1_ports = get_kb_list("SSL/deprecated/TLSv1");

reported_at_least_once = FALSE;
foreach port (ports)
{
  if (obj_in_list(list:tlsv1_ports, item:port))
  {
    security_hole(port:port, extra:'TLSv1 is enabled on port ' + port + ' and the server supports at least one cipher.');
    reported_at_least_once = TRUE;
  }
}

if (!reported_at_least_once)
  exit(0, "None of the detected SSL/TLS services support TLSv1");


Current version: 22 Apr 2020 00:00
Vulners AI Score: 5.6 (Medium risk)