[Openvas-discuss] Port 25 weak ciphers

Reindl Harald h.reindl at thelounge.net
Tue Jan 3 17:56:21 CET 2017



Am 03.01.2017 um 17:46 schrieb Michael Meyer:
> *** Reindl Harald wrote:
>
>> the scan is from yesterday, the issues are months old (includinmg
>> the openssh windows bruteforce nonsense on linux machines with
>> key-only-auth on recent Fedora steups)
>
> "openssh windows bruteforce nonsense on linux machines"?

* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes

hence flagged as false positive yesterday since i not no longer can see 
that red colored nonsense initially reported months ago

High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows) 
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type 
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Installed version: 7.2
Fixed version:     7.3





More information about the Openvas-discuss mailing list