[Openvas-discuss] Port 25 weak ciphers

Reindl Harald h.reindl at thelounge.net
Tue Jan 3 15:51:25 CET 2017



Am 03.01.2017 um 08:49 schrieb Christian Fischer:
> On 02.01.2017 23:13, Reindl Harald wrote:
>> damned how long takes it to remove this bullshit
>>
>> ENFORCING ANY BETTER SECURITY IN CASE OF OPPORTUNISTIC ENCRYPTION LEDAS
>> IN DELIVERING CLIENT FALL BACK TO ***NO ENVRYPTION** AT ALL
>>
>> 25/tcp
>>
>> Weak ciphers offered by this service:
>>   TLS1_0_ECDH_anon_WITH_3DES_EDE_CBC_SHA
>>   TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
>>   TLS1_1_ECDH_anon_WITH_3DES_EDE_CBC_SHA
>>   TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
>>   TLS1_2_ECDH_anon_WITH_3DES_EDE_CBC_SHA
>>   TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA
>
> just use a current feed instead of CAPS writing and then you already got
> this removed

the scan is from yesterday, the issues are months old (includinmg the 
openssh windows bruteforce nonsense on linux machines with key-only-auth 
on recent Fedora steups)

30 1 1 * *                                  root 
/usr/local/bin/openvas-sync

[root at openvas:~]$ cat /usr/local/bin/openvas-sync
#!/usr/bin/dash
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
openvasmd --rebuild
killall -s SIGHUP openvassd




More information about the Openvas-discuss mailing list