Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SSL_RC4_SUPPORTED_CIPHERS.NASL
HistoryApr 05, 2013 - 12:00 a.m.

SSL RC4 Cipher Suites Supported (Bar Mitzvah)

2013-04-0500:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13189
JSON

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(65821);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/03");

  script_cve_id("CVE-2013-2566", "CVE-2015-2808");
  script_bugtraq_id(58796, 73684);

  script_name(english:"SSL RC4 Cipher Suites Supported (Bar Mitzvah)");
  script_summary(english:"Reports any supported RC4 based SSL Cipher Suites.");

  script_set_attribute(attribute:"synopsis", value:
"The remote service supports the use of the RC4 cipher.");
  script_set_attribute(attribute:"description", value:
"The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.");
  script_set_attribute(attribute:"see_also", value:"https://www.rc4nomore.com/");
  # https://blog.cryptographyengineering.com/2013/03/12/attack-of-week-rc4-is-kind-of-broken-in/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac7327a0");
  script_set_attribute(attribute:"see_also", value:"http://cr.yp.to/talks/2013.03.12/slides.pdf");
  script_set_attribute(attribute:"see_also", value:"http://www.isg.rhul.ac.uk/tls/");
  script_set_attribute(attribute:"see_also", value:"https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf");
  script_set_attribute(attribute:"solution", value:
"Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:ND/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:X/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2566");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"General");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssl_supported_ciphers.nasl");
  script_require_ports("SSL/Supported", "DTLS/Supported");

  exit(0);
}

include("audit.inc");
include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssl_funcs.inc");

if(!get_kb_item("SSL/Supported") && !get_kb_item("DTLS/Supported"))
  exit(1, "Neither the 'SSL/Supported' nor the 'DTLS/Supported' flag is set.");

pp_info = get_tls_dtls_ports(fork:TRUE, dtls:TRUE, check_port:TRUE, ciphers:TRUE);
port = pp_info["port"];
if (isnull(port))
  exit(1, "The host does not appear to have any TLS or DTLS based services.");

if(pp_info["proto"] != "tls" && pp_info["proto"] != "dtls")
  exit(1, "A bad protocol was returned from get_tls_dtls_ports(). (" + pp_info["port"] + "/" + pp_info["proto"] + ")");

supported_ciphers = pp_info["ciphers"];
if (isnull(supported_ciphers))
  exit(0, "No ciphers were found for " + pp_info["l4_proto"] + " port " + port + ".");
supported_ciphers = make_list(supported_ciphers);

# Generate the report of supported RC4 ciphers.
c_report = cipher_report(supported_ciphers, name:"_RC4_");
if (isnull(c_report))
  exit(0, "No RC4 cipher suites are supported on " + pp_info["l4_proto"] + " port " + port + ".");

# used by pci_rc4_supported.nasl
if (get_kb_item("Settings/PCI_DSS"));
{
  set_kb_item(name:"PCI/ssl_rc4_supported", value:port);
  replace_kb_item(name:"PCI/ssl_rc4_supported/report/" + port, value:c_report);
}

report =
  '\nList of RC4 cipher suites supported by the remote server :' +
  '\n' + c_report;

security_report_v4(port:port, proto:pp_info["l4_proto"], extra:report, severity:SECURITY_WARNING);

Related

nessus 13
checkpoint_advisories 1
openvas 7
f5 4
ibm 159
cve 2
prion 2
ubuntucve 2
ics 1
veracode 1
huawei 1
aix 1
debiancve 1
threatpost 1
ubuntu 2
securityvulns 1
nessus
nessus
SSL/TLS Services Support RC4 (PCI DSS)
2018-01-29 00:00:00
F5 Networks BIG-IP : TLS/SSL RC4 vulnerability (K14638)
2014-10-10 00:00:00
AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)
2015-12-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00
openvas
openvas
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
F5 BIG-IP - SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-09-18 00:00:00
f5
f5
K14638 : TLS/SSL RC4 vulnerability CVE-2013-2566
2015-03-30 00:00:00
SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566
2013-08-27 00:00:00
K16864 : SSL/TLS RC4 vulnerability CVE-2015-2808
2015-08-17 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect Proventia Network Active Bypass (CVE-2013-2566)
2018-06-16 21:24:40
Security Bulletin: Vulnerability in RC4 stream cipher affects Real-time Compression Appliance (CVE-2015-2808)
2018-06-18 00:09:28
Security Bulletin: Vulnerability in RC4 stream cipher affects OpenPages GRC Platform with Application Server (CVE-2015-2808)
2018-06-15 22:37:00
cve
cve
CVE-2013-2566
2013-03-15 21:55:00
CVE-2015-2808
2015-04-01 02:00:00
prion
prion
Code injection
2013-03-15 21:55:00
Design/Logic Flaw
2015-04-01 02:00:00
ubuntucve
ubuntucve
CVE-2013-2566
2013-03-15 00:00:00
CVE-2015-2808
2015-03-31 00:00:00
ics
ics
Mitsubishi Electric Air Conditioning Systems
2022-06-20 12:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:39:15
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
aix
aix
Vulnerability in RC4 stream cipher affects AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
2015-04-27 15:27:04
debiancve
debiancve
CVE-2015-2808
2015-04-01 02:00:00
threatpost
threatpost
5 Steps to Securing Your Network Perimeter
2021-09-27 20:29:43
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-11-21 00:00:00
Firefox vulnerabilities
2013-11-20 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
JSON
Related for SSL_RC4_SUPPORTED_CIPHERS.NASL
nessus13checkpoint_advisories1openvas7f54ibm159cve2prion2ubuntucve2ics1veracode1huawei1aix1debiancve1threatpost1ubuntu2securityvulns1