[Openvas-discuss] Port 25 weak ciphers

Reindl Harald h.reindl at thelounge.net
Tue Jan 3 17:56:21 CET 2017

Am 03.01.2017 um 17:46 schrieb Michael Meyer:
> *** Reindl Harald wrote:
>> the scan is from yesterday, the issues are months old (includinmg
>> the openssh windows bruteforce nonsense on linux machines with
>> key-only-auth on recent Fedora steups)
> "openssh windows bruteforce nonsense on linux machines"?

* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes

hence flagged as false positive yesterday since i not no longer can see 
that red colored nonsense initially reported months ago

High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows) 
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type 
and version (OID:

Installed version: 7.2
Fixed version:     7.3

More information about the Openvas-discuss mailing list