dradis-saint 3.18.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (41) hide show
  1. checksums.yaml +7 -0
  2. data/.github/issue_template.md +16 -0
  3. data/.github/pull_request_template.md +36 -0
  4. data/.gitignore +12 -0
  5. data/CHANGELOG.md +39 -0
  6. data/CONTRIBUTING.md +3 -0
  7. data/Gemfile +20 -0
  8. data/LICENSE +339 -0
  9. data/README.md +25 -0
  10. data/Rakefile +1 -0
  11. data/dradis-saint.gemspec +28 -0
  12. data/lib/dradis-saint.rb +7 -0
  13. data/lib/dradis/plugins/saint.rb +11 -0
  14. data/lib/dradis/plugins/saint/engine.rb +13 -0
  15. data/lib/dradis/plugins/saint/field_processor.rb +31 -0
  16. data/lib/dradis/plugins/saint/gem_version.rb +18 -0
  17. data/lib/dradis/plugins/saint/importer.rb +130 -0
  18. data/lib/dradis/plugins/saint/version.rb +11 -0
  19. data/lib/saint/base.rb +29 -0
  20. data/lib/saint/evidence.rb +18 -0
  21. data/lib/saint/vulnerability.rb +15 -0
  22. data/lib/tasks/thorfile.rb +19 -0
  23. data/spec/dradis/plugins/saint/field_processor_spec.rb +39 -0
  24. data/spec/dradis/plugins/saint/importer_spec.rb +33 -0
  25. data/spec/fixtures/files/evidence-01.xml +8 -0
  26. data/spec/fixtures/files/full_report.xml +45 -0
  27. data/spec/fixtures/files/host-01.xml +5 -0
  28. data/spec/fixtures/files/saint_metasploitable_sample.xml +718 -0
  29. data/spec/fixtures/files/vulnerability-01.xml +17 -0
  30. data/spec/saint/evidence_spec.rb +8 -0
  31. data/spec/saint/host_spec.rb +8 -0
  32. data/spec/saint/vulnerability_spec.rb +8 -0
  33. data/spec/spec_helper.rb +10 -0
  34. data/spec/xml_element.rb +10 -0
  35. data/templates/evidence.fields +5 -0
  36. data/templates/evidence.sample +8 -0
  37. data/templates/evidence.template +14 -0
  38. data/templates/vulnerability.fields +14 -0
  39. data/templates/vulnerability.sample +35 -0
  40. data/templates/vulnerability.template +41 -0
  41. metadata +166 -0
@@ -0,0 +1,8 @@
1
+ <evidence>
2
+ <port>Test Port</port>
3
+ <severity>Test Severity</severity>
4
+ <description>Test Description</description>
5
+ <class>Test Vuln class</class>
6
+ <cve>Test Cve</cve>
7
+ <cvss_base_score>Test Cvss base score</cvss_base_score>
8
+ </evidence>
@@ -0,0 +1,45 @@
1
+ <report>
2
+ <summary>
3
+ </summary>
4
+ <overview>
5
+ <hosts>
6
+ <host>
7
+ <hostname>Test Hostname</hostname>
8
+ <ipaddr>Test Ipaddr</ipaddr>
9
+ <hosttype>Test Hosttype</hosttype>
10
+ </host>
11
+ </hosts>
12
+ <vulnerabilities>
13
+ <host_info>
14
+ <hostname>Test Hostname</hostname>
15
+ <vulnerability>
16
+ <port>Test Port</port>
17
+ <severity>Test Severity</severity>
18
+ <description>Test Description</description>
19
+ <class>Test Vuln class</class>
20
+ <cve>Test Cve</cve>
21
+ <cvss_base_score>Test Cvss base score</cvss_base_score>
22
+ </vulnerability>
23
+ </host_info>
24
+ </vulnerabilities>
25
+ </overview>
26
+ <details>
27
+ <vulnerability>
28
+ <description>Test Description</description>
29
+ <hostname>Test Hostname</hostname>
30
+ <ipaddr>Test Ipaddr</ipaddr>
31
+ <hosttype>Test Hosttype</hosttype>
32
+ <scan_time>Test Scan time</scan_time>
33
+ <status>Test Status</status>
34
+ <severity>Test Severity</severity>
35
+ <cve>Test Cve</cve>
36
+ <cvss_base_score>Test Cvss base score</cvss_base_score>
37
+ <impact>Test Impact</impact>
38
+ <background>Test Background</background>
39
+ <problem>Test Problem</problem>
40
+ <resolution>Test Resolution</resolution>
41
+ <reference>Test Reference</reference>
42
+ <vuln_details></vuln_details>
43
+ </vulnerability>
44
+ </details>
45
+ </report>
@@ -0,0 +1,5 @@
1
+ <host>
2
+ <hostname>Test Hostname</hostname>
3
+ <ipaddr>Test Ipaddr</ipaddr>
4
+ <hosttype>Test Hosttype</hosttype>
5
+ </host>
@@ -0,0 +1,718 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <report>
3
+ <scan_information>
4
+ <title>Metasploitable</title>
5
+ <report_time>Wed Mar 22 13:28:09 2017</report_time>
6
+ <scan_time>Wed Mar 22 13:22:35 2017</scan_time>
7
+ <scan_level>heavy vulnerability</scan_level>
8
+ <scanner_version>8.14.25</scanner_version>
9
+ </scan_information>
10
+ <summary>
11
+ <vulnerabilities_by_severity bar="bar_vulns.png" pie="pie_vulns.png">
12
+ <reds>2</reds>
13
+ <yellows>0</yellows>
14
+ <browns>8</browns>
15
+ <greens>5</greens>
16
+ </vulnerabilities_by_severity>
17
+ <hosts_by_severity bar="bar_hosts.png" pie="pie_hosts.png">
18
+ <red_hosts>1</red_hosts>
19
+ <yellow_hosts>0</yellow_hosts>
20
+ <brown_hosts>0</brown_hosts>
21
+ <green_hosts>0</green_hosts>
22
+ <black_hosts>0</black_hosts>
23
+ </hosts_by_severity>
24
+ <vulnerabilities_by_class bar="bar_classes.png" pie="pie_classes.png">
25
+ <web>0</web>
26
+ <mail>0</mail>
27
+ <file_transfer>0</file_transfer>
28
+ <login_shell>0</login_shell>
29
+ <print_services>0</print_services>
30
+ <rpc>0</rpc>
31
+ <dns>0</dns>
32
+ <databases>0</databases>
33
+ <networking_snmp>0</networking_snmp>
34
+ <windows_os>0</windows_os>
35
+ <passwords>0</passwords>
36
+ <other>8</other>
37
+ </vulnerabilities_by_class>
38
+ <top_vulns bar="bar_topvulns.png">
39
+ <top_vuln>
40
+ <rank>1</rank>
41
+ <vulnerability>server is susceptible to BEAST attack</vulnerability>
42
+ <no_of_targets>3</no_of_targets>
43
+ </top_vuln>
44
+ <top_vuln>
45
+ <rank>2</rank>
46
+ <vulnerability>SSL/TLS server supports short block sizes (SWEET32 attack)</vulnerability>
47
+ <no_of_targets>3</no_of_targets>
48
+ </top_vuln>
49
+ <top_vuln>
50
+ <rank>3</rank>
51
+ <vulnerability>SSL/TLS server supports RC4 ciphers</vulnerability>
52
+ <no_of_targets>2</no_of_targets>
53
+ </top_vuln>
54
+ </top_vulns>
55
+ <top_services bar="bar_topservices.png">
56
+ <top_service>
57
+ <rank>1</rank>
58
+ <service>urd (465/TCP)</service>
59
+ <no_of_targets>1</no_of_targets>
60
+ </top_service>
61
+ <top_service>
62
+ <rank>2</rank>
63
+ <service>587/TCP</service>
64
+ <no_of_targets>1</no_of_targets>
65
+ </top_service>
66
+ <top_service>
67
+ <rank>3</rank>
68
+ <service>SMTP</service>
69
+ <no_of_targets>1</no_of_targets>
70
+ </top_service>
71
+ <top_service>
72
+ <rank>4</rank>
73
+ <service>WWW</service>
74
+ <no_of_targets>1</no_of_targets>
75
+ </top_service>
76
+ <top_service>
77
+ <rank>5</rank>
78
+ <service>WWW (Secure)</service>
79
+ <no_of_targets>1</no_of_targets>
80
+ </top_service>
81
+ </top_services>
82
+ </summary>
83
+ <overview>
84
+ <hosts>
85
+ <host>
86
+ <hostname>192.168.150.163</hostname>
87
+ <ipaddr>192.168.150.163</ipaddr>
88
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
89
+ <reds>2</reds>
90
+ <yellows>0</yellows>
91
+ <browns>8</browns>
92
+ </host>
93
+ </hosts>
94
+ <vulnerabilities_summary>
95
+ <vulnerability>
96
+ <description>server is susceptible to BEAST attack</description>
97
+ <no_of_targets>3</no_of_targets>
98
+ </vulnerability>
99
+ <vulnerability>
100
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
101
+ <no_of_targets>3</no_of_targets>
102
+ </vulnerability>
103
+ <vulnerability>
104
+ <description>SSL/TLS server supports RC4 ciphers</description>
105
+ <no_of_targets>2</no_of_targets>
106
+ </vulnerability>
107
+ </vulnerabilities_summary>
108
+ <vulnerabilities>
109
+ <host_info>
110
+ <hostname>192.168.150.163</hostname>
111
+ <vulnerability>
112
+ <port>587/tcp</port>
113
+ <severity>potential</severity>
114
+ <description>server is susceptible to BEAST attack</description>
115
+ <class>Other</class>
116
+ <cve>CVE-2011-3389</cve>
117
+ <cvss_base_score>4.3</cvss_base_score>
118
+ </vulnerability>
119
+ <vulnerability>
120
+ <port>443/tcp</port>
121
+ <severity>potential</severity>
122
+ <description>server is susceptible to BEAST attack</description>
123
+ <class>Other</class>
124
+ <cve>CVE-2011-3389</cve>
125
+ <cvss_base_score>4.3</cvss_base_score>
126
+ </vulnerability>
127
+ <vulnerability>
128
+ <port>25/tcp</port>
129
+ <severity>potential</severity>
130
+ <description>server is susceptible to BEAST attack</description>
131
+ <class>Other</class>
132
+ <cve>CVE-2011-3389</cve>
133
+ <cvss_base_score>4.3</cvss_base_score>
134
+ </vulnerability>
135
+ <vulnerability>
136
+ <port>25/tcp</port>
137
+ <severity>potential</severity>
138
+ <description>SSL/TLS server supports RC4 ciphers</description>
139
+ <class>Other</class>
140
+ <cve>CVE-2013-2566 CVE-2015-2808</cve>
141
+ <cvss_base_score>4.3</cvss_base_score>
142
+ </vulnerability>
143
+ <vulnerability>
144
+ <port>587/tcp</port>
145
+ <severity>potential</severity>
146
+ <description>SSL/TLS server supports RC4 ciphers</description>
147
+ <class>Other</class>
148
+ <cve>CVE-2013-2566 CVE-2015-2808</cve>
149
+ <cvss_base_score>4.3</cvss_base_score>
150
+ </vulnerability>
151
+ <vulnerability>
152
+ <port>25/tcp</port>
153
+ <severity>potential</severity>
154
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
155
+ <class>Other</class>
156
+ <cve>CVE-2016-2183</cve>
157
+ <cvss_base_score>5.0</cvss_base_score>
158
+ </vulnerability>
159
+ <vulnerability>
160
+ <port>443/tcp</port>
161
+ <severity>potential</severity>
162
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
163
+ <class>Other</class>
164
+ <cve>CVE-2016-2183</cve>
165
+ <cvss_base_score>5.0</cvss_base_score>
166
+ </vulnerability>
167
+ <vulnerability>
168
+ <port>587/tcp</port>
169
+ <severity>potential</severity>
170
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
171
+ <class>Other</class>
172
+ <cve>CVE-2016-2183</cve>
173
+ <cvss_base_score>5.0</cvss_base_score>
174
+ </vulnerability>
175
+ <vulnerability>
176
+ <port>587/tcp</port>
177
+ <severity>service</severity>
178
+ <description>587/TCP</description>
179
+ </vulnerability>
180
+ <vulnerability>
181
+ <port>25/tcp</port>
182
+ <severity>service</severity>
183
+ <description>SMTP</description>
184
+ </vulnerability>
185
+ <vulnerability>
186
+ <port>80/tcp</port>
187
+ <severity>service</severity>
188
+ <description>WWW</description>
189
+ </vulnerability>
190
+ <vulnerability>
191
+ <port>443/tcp</port>
192
+ <severity>service</severity>
193
+ <description>WWW (Secure)</description>
194
+ </vulnerability>
195
+ <vulnerability>
196
+ <port>465/tcp</port>
197
+ <severity>service</severity>
198
+ <description>urd (465/TCP)</description>
199
+ </vulnerability>
200
+ <vulnerability>
201
+ <port>80/tcp</port>
202
+ <severity>info</severity>
203
+ <description>Web Directory: /</description>
204
+ </vulnerability>
205
+ <vulnerability>
206
+ <port>443/tcp</port>
207
+ <severity>info</severity>
208
+ <description>Web Directory: /</description>
209
+ </vulnerability>
210
+ <vulnerability>
211
+ <port>80/tcp</port>
212
+ <severity>info</severity>
213
+ <description>Web Directory: /cgi-bin/</description>
214
+ </vulnerability>
215
+ <vulnerability>
216
+ <port>80/tcp</port>
217
+ <severity>info</severity>
218
+ <description>Web Directory: /scripts/</description>
219
+ </vulnerability>
220
+ </host_info>
221
+ </vulnerabilities>
222
+ </overview>
223
+ <details>
224
+ <vulnerability>
225
+ <description>server is susceptible to BEAST attack</description>
226
+ <hostname>192.168.150.163</hostname>
227
+ <ipaddr>192.168.150.163</ipaddr>
228
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
229
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
230
+ <status>new</status>
231
+ <severity>Potential Problem</severity>
232
+ <cve>CVE-2011-3389</cve>
233
+ <cvss_base_score>4.3</cvss_base_score>
234
+ <impact>
235
+ A remote attacker with the ability to sniff network traffic could decrypt an
236
+ encrypted session.
237
+ </impact>
238
+ <background>
239
+ Cipher Block Chaining (CBC) is an encryption mode of operation where the decryption of each block of encrypted text depends on all of the preceding blocks. CBC requires an Initialization Vector, a block of bits which starts the encryption and ensures that the encrypted text is unique. The SSLv3 and TLS 1.0 protocols may encrypt data using Cipher Block Chaining
240
+ ciphers that use chained initialization vectors.
241
+ </background>
242
+ <problem>
243
+ SSL/TLS CBC Initialization Vector Prediction
244
+ 10/28/11
245
+ CVE 2011-3389
246
+ The Browser Exploit against SSL/TLS (BEAST) may allow an attacker to perform
247
+ a man-in-the-middle attack to obtain plain-text HTTP headers by conducting a
248
+ blockwise chosen-boundary attack (BCBA) against an HTTPS session.
249
+ This attack is an extension of two previously
250
+ disclosed attacks against SSL. The first of these attacks was detailed by
251
+ Gregory Bard in May 2004 (The
252
+ Vulnerability of SSL to Chosen Plaintext Attack). This research showed
253
+ that cipher block chaining mode used by SSL is vulnerable to decryption in
254
+ cases where the attacker can control part of the plaintext. This attack proved
255
+ to be difficult to implement against HTTPS sessions due to the attackers'
256
+ inability to control the contents. This attack method was extended to support
257
+ TLS 1.0 and improved in April 2006 (A
258
+ Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on
259
+ SSL).
260
+ In September 2011, Juliano Rizzo and Thai Duong presented a modern iteration
261
+ of this attack that utilized Java or HTML5 WebSockets as an entry-point for
262
+ attackers. Using this method, attackers could host a malicious website that,
263
+ when visited by victims, uses Java or WebSockets to establish a connection to
264
+ any secured 3rd party website of their choice. If the user has an active
265
+ session to the targeted 3rd party site, any cookies he or she has saved will also
266
+ be sent. Since the attacker is initiating this request, he can control the
267
+ length of the requested resource, allowing him to position the cookie on a
268
+ block boundary. The attacker also knows part of the cleartext. If this can be
269
+ done in a man-in-the-middle scenario, the attacker will be able to intercept
270
+ this encrypted request and decrypt it off-line to obtain the cookie. If the
271
+ cookie contains an authentication token, this may result in account theft.
272
+ TLS 1.1 and later have been improved to use an explicit initialization vector
273
+ strategy, rendering them immune to this type of attack.
274
+ </problem>
275
+ <resolution>
276
+ Most browser vendors have released updates which prevent this attack, but some affected browsers still remain at this time, so it is still advisable also to fix the problem on the server side. SSLv3 and TLS 1.0 should be disabled on the server as follows:
277
+ Apache: Set the following directive in the Apache configuration file. (The -TLSv1 argument requires Apache 2.2.24 or higher or an update from your Linux vendor.)
278
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1
279
+ IIS: See [http://support.microsoft.com/kb/245030] KB245030 and [https://support.microsoft.com/en-us/kb/187498] KB187498.
280
+ Note that disabling SSLv3 and TLS 1.0 entirely on the server may affect the usability of the web site, as some web browsers may not yet support TLS 1.1.
281
+ </resolution>
282
+ <reference>
283
+ Thai Duong wrote a detailed [http://vnhacker.blogspot.com/2011/09/beast.html] blog post about this attack, including a video demonstration.
284
+ Adam Langley wrote a helpful [http://www.imperialviolet.org/2011/09/23/chromeandbeast.html] blog post that helps highlight concerns for both browser vendors and website hosts.
285
+ Rob VanderBrink of SANS Internet Storm Center [http://isc.sans.edu/diary.html?storyid=11629] posted a blog update detailing TLS 1.1/1.2 support in many common browsers as of September, 2011.
286
+ Eric Rescorla wrote a [http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html] detailed blog post explaining how the attack works in detail and analyzing the security impact of this vulnerability.
287
+ </reference>
288
+ <vuln_details>
289
+ Service: 587:TCP
290
+ Server accepted TLS 1.0 CBC cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA </vuln_details>
291
+ </vulnerability>
292
+ <vulnerability>
293
+ <description>server is susceptible to BEAST attack</description>
294
+ <hostname>192.168.150.163</hostname>
295
+ <ipaddr>192.168.150.163</ipaddr>
296
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
297
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
298
+ <status>new</status>
299
+ <severity>Potential Problem</severity>
300
+ <cve>CVE-2011-3389</cve>
301
+ <cvss_base_score>4.3</cvss_base_score>
302
+ <impact>
303
+ A remote attacker with the ability to sniff network traffic could decrypt an
304
+ encrypted session.
305
+ </impact>
306
+ <background>
307
+ Cipher Block Chaining (CBC) is an encryption mode of operation where the decryption of each block of encrypted text depends on all of the preceding blocks. CBC requires an Initialization Vector, a block of bits which starts the encryption and ensures that the encrypted text is unique. The SSLv3 and TLS 1.0 protocols may encrypt data using Cipher Block Chaining
308
+ ciphers that use chained initialization vectors.
309
+ </background>
310
+ <problem>
311
+ SSL/TLS CBC Initialization Vector Prediction
312
+ 10/28/11
313
+ CVE 2011-3389
314
+ The Browser Exploit against SSL/TLS (BEAST) may allow an attacker to perform
315
+ a man-in-the-middle attack to obtain plain-text HTTP headers by conducting a
316
+ blockwise chosen-boundary attack (BCBA) against an HTTPS session.
317
+ This attack is an extension of two previously
318
+ disclosed attacks against SSL. The first of these attacks was detailed by
319
+ Gregory Bard in May 2004 (The
320
+ Vulnerability of SSL to Chosen Plaintext Attack). This research showed
321
+ that cipher block chaining mode used by SSL is vulnerable to decryption in
322
+ cases where the attacker can control part of the plaintext. This attack proved
323
+ to be difficult to implement against HTTPS sessions due to the attackers'
324
+ inability to control the contents. This attack method was extended to support
325
+ TLS 1.0 and improved in April 2006 (A
326
+ Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on
327
+ SSL).
328
+ In September 2011, Juliano Rizzo and Thai Duong presented a modern iteration
329
+ of this attack that utilized Java or HTML5 WebSockets as an entry-point for
330
+ attackers. Using this method, attackers could host a malicious website that,
331
+ when visited by victims, uses Java or WebSockets to establish a connection to
332
+ any secured 3rd party website of their choice. If the user has an active
333
+ session to the targeted 3rd party site, any cookies he or she has saved will also
334
+ be sent. Since the attacker is initiating this request, he can control the
335
+ length of the requested resource, allowing him to position the cookie on a
336
+ block boundary. The attacker also knows part of the cleartext. If this can be
337
+ done in a man-in-the-middle scenario, the attacker will be able to intercept
338
+ this encrypted request and decrypt it off-line to obtain the cookie. If the
339
+ cookie contains an authentication token, this may result in account theft.
340
+ TLS 1.1 and later have been improved to use an explicit initialization vector
341
+ strategy, rendering them immune to this type of attack.
342
+ </problem>
343
+ <resolution>
344
+ Most browser vendors have released updates which prevent this attack, but some affected browsers still remain at this time, so it is still advisable also to fix the problem on the server side. SSLv3 and TLS 1.0 should be disabled on the server as follows:
345
+ Apache: Set the following directive in the Apache configuration file. (The -TLSv1 argument requires Apache 2.2.24 or higher or an update from your Linux vendor.)
346
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1
347
+ IIS: See [http://support.microsoft.com/kb/245030] KB245030 and [https://support.microsoft.com/en-us/kb/187498] KB187498.
348
+ Note that disabling SSLv3 and TLS 1.0 entirely on the server may affect the usability of the web site, as some web browsers may not yet support TLS 1.1.
349
+ </resolution>
350
+ <reference>
351
+ Thai Duong wrote a detailed [http://vnhacker.blogspot.com/2011/09/beast.html] blog post about this attack, including a video demonstration.
352
+ Adam Langley wrote a helpful [http://www.imperialviolet.org/2011/09/23/chromeandbeast.html] blog post that helps highlight concerns for both browser vendors and website hosts.
353
+ Rob VanderBrink of SANS Internet Storm Center [http://isc.sans.edu/diary.html?storyid=11629] posted a blog update detailing TLS 1.1/1.2 support in many common browsers as of September, 2011.
354
+ Eric Rescorla wrote a [http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html] detailed blog post explaining how the attack works in detail and analyzing the security impact of this vulnerability.
355
+ </reference>
356
+ <vuln_details>
357
+ Service: https
358
+ Server accepted TLS 1.0 CBC cipher: TLS_RSA_WITH_AES_128_CBC_SHA </vuln_details>
359
+ </vulnerability>
360
+ <vulnerability>
361
+ <description>server is susceptible to BEAST attack</description>
362
+ <hostname>192.168.150.163</hostname>
363
+ <ipaddr>192.168.150.163</ipaddr>
364
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
365
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
366
+ <status>new</status>
367
+ <severity>Potential Problem</severity>
368
+ <cve>CVE-2011-3389</cve>
369
+ <cvss_base_score>4.3</cvss_base_score>
370
+ <impact>
371
+ A remote attacker with the ability to sniff network traffic could decrypt an
372
+ encrypted session.
373
+ </impact>
374
+ <background>
375
+ Cipher Block Chaining (CBC) is an encryption mode of operation where the decryption of each block of encrypted text depends on all of the preceding blocks. CBC requires an Initialization Vector, a block of bits which starts the encryption and ensures that the encrypted text is unique. The SSLv3 and TLS 1.0 protocols may encrypt data using Cipher Block Chaining
376
+ ciphers that use chained initialization vectors.
377
+ </background>
378
+ <problem>
379
+ SSL/TLS CBC Initialization Vector Prediction
380
+ 10/28/11
381
+ CVE 2011-3389
382
+ The Browser Exploit against SSL/TLS (BEAST) may allow an attacker to perform
383
+ a man-in-the-middle attack to obtain plain-text HTTP headers by conducting a
384
+ blockwise chosen-boundary attack (BCBA) against an HTTPS session.
385
+ This attack is an extension of two previously
386
+ disclosed attacks against SSL. The first of these attacks was detailed by
387
+ Gregory Bard in May 2004 (The
388
+ Vulnerability of SSL to Chosen Plaintext Attack). This research showed
389
+ that cipher block chaining mode used by SSL is vulnerable to decryption in
390
+ cases where the attacker can control part of the plaintext. This attack proved
391
+ to be difficult to implement against HTTPS sessions due to the attackers'
392
+ inability to control the contents. This attack method was extended to support
393
+ TLS 1.0 and improved in April 2006 (A
394
+ Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on
395
+ SSL).
396
+ In September 2011, Juliano Rizzo and Thai Duong presented a modern iteration
397
+ of this attack that utilized Java or HTML5 WebSockets as an entry-point for
398
+ attackers. Using this method, attackers could host a malicious website that,
399
+ when visited by victims, uses Java or WebSockets to establish a connection to
400
+ any secured 3rd party website of their choice. If the user has an active
401
+ session to the targeted 3rd party site, any cookies he or she has saved will also
402
+ be sent. Since the attacker is initiating this request, he can control the
403
+ length of the requested resource, allowing him to position the cookie on a
404
+ block boundary. The attacker also knows part of the cleartext. If this can be
405
+ done in a man-in-the-middle scenario, the attacker will be able to intercept
406
+ this encrypted request and decrypt it off-line to obtain the cookie. If the
407
+ cookie contains an authentication token, this may result in account theft.
408
+ TLS 1.1 and later have been improved to use an explicit initialization vector
409
+ strategy, rendering them immune to this type of attack.
410
+ </problem>
411
+ <resolution>
412
+ Most browser vendors have released updates which prevent this attack, but some affected browsers still remain at this time, so it is still advisable also to fix the problem on the server side. SSLv3 and TLS 1.0 should be disabled on the server as follows:
413
+ Apache: Set the following directive in the Apache configuration file. (The -TLSv1 argument requires Apache 2.2.24 or higher or an update from your Linux vendor.)
414
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1
415
+ IIS: See [http://support.microsoft.com/kb/245030] KB245030 and [https://support.microsoft.com/en-us/kb/187498] KB187498.
416
+ Note that disabling SSLv3 and TLS 1.0 entirely on the server may affect the usability of the web site, as some web browsers may not yet support TLS 1.1.
417
+ </resolution>
418
+ <reference>
419
+ Thai Duong wrote a detailed [http://vnhacker.blogspot.com/2011/09/beast.html] blog post about this attack, including a video demonstration.
420
+ Adam Langley wrote a helpful [http://www.imperialviolet.org/2011/09/23/chromeandbeast.html] blog post that helps highlight concerns for both browser vendors and website hosts.
421
+ Rob VanderBrink of SANS Internet Storm Center [http://isc.sans.edu/diary.html?storyid=11629] posted a blog update detailing TLS 1.1/1.2 support in many common browsers as of September, 2011.
422
+ Eric Rescorla wrote a [http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html] detailed blog post explaining how the attack works in detail and analyzing the security impact of this vulnerability.
423
+ </reference>
424
+ <vuln_details>
425
+ Service: smtp
426
+ Server accepted TLS 1.0 CBC cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA </vuln_details>
427
+ </vulnerability>
428
+ <vulnerability>
429
+ <description>SSL/TLS server supports RC4 ciphers</description>
430
+ <hostname>192.168.150.163</hostname>
431
+ <ipaddr>192.168.150.163</ipaddr>
432
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
433
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
434
+ <status>new</status>
435
+ <severity>Potential Problem</severity>
436
+ <cve>CVE-2013-2566 CVE-2015-2808</cve>
437
+ <cvss_base_score>4.3</cvss_base_score>
438
+ <impact>
439
+ A remote attacker with the ability to sniff network
440
+ traffic could decrypt an encrypted session.
441
+ </impact>
442
+ <background>
443
+ Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),
444
+ are encryption protocols used to ensure confidentiality as
445
+ information travels across the Internet. They are commonly
446
+ used between web browsers and web servers to protect
447
+ sensitive data such as passwords and credit card numbers.
448
+ At the beginning of a TLS/SSL session, the client and server
449
+ negotiate the encryption algorithm, known as a cipher. RC4 (Rivest Cipher 4) is a stream cipher which is commonly used in TLS/SSL sessions.
450
+ </background>
451
+ <problem>
452
+ Ciphertext Bias Weakness
453
+ CVE 2013-2566
454
+ The encrypted stream which is output by the RC4 cipher contains small biases. This results in ciphertext which isn't truly random when the same plaintext is encrypted with different RC4 keys. This could make it easier for an attacker who can view network traffic to decrypt parts of the plaintext which are typically encrypted many types, such as browser cookies, ultimately leading to session hijacking.
455
+ Invariance Weakness and Bar Mitzvah attack
456
+ 04/28/15
457
+ CVE 2015-2808
458
+ Some RC4 keys contain a pattern which causes part of the state permutation to remain intact throughout the initialization process, resulting in leakage of plaintext bytes. This is known as the Invariance Weakness. This weakness can be used to partially decrypt TLS/SSL sessions which use affected keys in an attack known as Bar Mitzvah. An attacker would need to be able to sniff network traffic in order to exploit this vulnerability, and most RC4 keys do not have this weakness.
459
+ </problem>
460
+ <resolution>
461
+ For Apache mod_ssl web servers, add !RC4 to the [http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite] SSLCipherSuite
462
+ directive in the configuration file to disable RC4 ciphers.
463
+ For Microsoft IIS web servers, disable RC4 ciphers as described in Microsoft knowledge base article
464
+ [http://support.microsoft.com/kb/245030] 245030.
465
+ For other types of web servers, consult the web server
466
+ documentation to find out how to disable RC4 ciphers.
467
+ </resolution>
468
+ <reference>
469
+ For more information on the ciphertext bias weakness, see the blog post [http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html] Attack of the Week: RC4 is kind of broken in TLS.
470
+ For more information on the Invariance Weakness and Bar Mitzvah attack, see [http://securityaffairs.co/wordpress/35352/hacking/bar-mitzvah-attack-on-rc4.html] Security Affairs and Imperva's paper,
471
+ [http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf] Attacking SSL when using RC4.
472
+ </reference>
473
+ <vuln_details>
474
+ Service: smtp
475
+ Server accepted TLS 1.0 RC4 cipher: TLS_RSA_WITH_RC4_128_SHA </vuln_details>
476
+ </vulnerability>
477
+ <vulnerability>
478
+ <description>SSL/TLS server supports RC4 ciphers</description>
479
+ <hostname>192.168.150.163</hostname>
480
+ <ipaddr>192.168.150.163</ipaddr>
481
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
482
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
483
+ <status>new</status>
484
+ <severity>Potential Problem</severity>
485
+ <cve>CVE-2013-2566 CVE-2015-2808</cve>
486
+ <cvss_base_score>4.3</cvss_base_score>
487
+ <impact>
488
+ A remote attacker with the ability to sniff network
489
+ traffic could decrypt an encrypted session.
490
+ </impact>
491
+ <background>
492
+ Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),
493
+ are encryption protocols used to ensure confidentiality as
494
+ information travels across the Internet. They are commonly
495
+ used between web browsers and web servers to protect
496
+ sensitive data such as passwords and credit card numbers.
497
+ At the beginning of a TLS/SSL session, the client and server
498
+ negotiate the encryption algorithm, known as a cipher. RC4 (Rivest Cipher 4) is a stream cipher which is commonly used in TLS/SSL sessions.
499
+ </background>
500
+ <problem>
501
+ Ciphertext Bias Weakness
502
+ CVE 2013-2566
503
+ The encrypted stream which is output by the RC4 cipher contains small biases. This results in ciphertext which isn't truly random when the same plaintext is encrypted with different RC4 keys. This could make it easier for an attacker who can view network traffic to decrypt parts of the plaintext which are typically encrypted many types, such as browser cookies, ultimately leading to session hijacking.
504
+ Invariance Weakness and Bar Mitzvah attack
505
+ 04/28/15
506
+ CVE 2015-2808
507
+ Some RC4 keys contain a pattern which causes part of the state permutation to remain intact throughout the initialization process, resulting in leakage of plaintext bytes. This is known as the Invariance Weakness. This weakness can be used to partially decrypt TLS/SSL sessions which use affected keys in an attack known as Bar Mitzvah. An attacker would need to be able to sniff network traffic in order to exploit this vulnerability, and most RC4 keys do not have this weakness.
508
+ </problem>
509
+ <resolution>
510
+ For Apache mod_ssl web servers, add !RC4 to the [http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite] SSLCipherSuite
511
+ directive in the configuration file to disable RC4 ciphers.
512
+ For Microsoft IIS web servers, disable RC4 ciphers as described in Microsoft knowledge base article
513
+ [http://support.microsoft.com/kb/245030] 245030.
514
+ For other types of web servers, consult the web server
515
+ documentation to find out how to disable RC4 ciphers.
516
+ </resolution>
517
+ <reference>
518
+ For more information on the ciphertext bias weakness, see the blog post [http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html] Attack of the Week: RC4 is kind of broken in TLS.
519
+ For more information on the Invariance Weakness and Bar Mitzvah attack, see [http://securityaffairs.co/wordpress/35352/hacking/bar-mitzvah-attack-on-rc4.html] Security Affairs and Imperva's paper,
520
+ [http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf] Attacking SSL when using RC4.
521
+ </reference>
522
+ <vuln_details>
523
+ Service: 587:TCP
524
+ Server accepted TLS 1.0 RC4 cipher: TLS_RSA_WITH_RC4_128_SHA </vuln_details>
525
+ </vulnerability>
526
+ <vulnerability>
527
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
528
+ <hostname>192.168.150.163</hostname>
529
+ <ipaddr>192.168.150.163</ipaddr>
530
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
531
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
532
+ <status>new</status>
533
+ <severity>Potential Problem</severity>
534
+ <cve>CVE-2016-2183</cve>
535
+ <cvss_base_score>5.0</cvss_base_score>
536
+ <impact>
537
+ A remote attacker with the ability to sniff network traffic could decrypt long-lived TLS or SSL sessions.
538
+ </impact>
539
+ <background>
540
+ A Block Cipher is an encryption algorithm which operates on a fixed-size block of data. Plaintext messages which are larger than the block size must be split into multiple blocks before being encrypted by the algorithm.
541
+ </background>
542
+ <problem>
543
+ SWEET32 Attack
544
+ 08/29/16
545
+ CVE 2016-2183
546
+ Block ciphers with small block sizes are susceptible to a class of attacks known as birthday attacks.
547
+ These attacks take advantage of multiple blocks which return identical ciphertext, known as collisions. The probability of collisions occurring becomes significant after a large number of blocks have been encrypted using the same key.
548
+ The SWEET32 attack is a specific birthday attack which reveals the XOR (exclusive-OR) between a fixed secret and known plaintext, thus allowing the secret to be determined.
549
+ This attack can be launched in a browser session by javascript code which makes repeated requests containing an authentication token and predictable headers.
550
+ Successful exploitation requires about 785 GB of data to be captured, and the attacker must be able to inject javascript into a web session and to sniff data from the network.
551
+ </problem>
552
+ <resolution>
553
+ Disable ciphers which have a 64-bit block size, such as Triple-DES as follows:
554
+ Apache/OpenSSL: Upgrade to OpenSSL 1.1.0, which disables Triple-DES ciphers by default. Alternatively, upgrade to OpenSSL 1.0.1u or 1.0.2i or higher, which classify Triple-DES ciphers as MEDIUM, and insert !MEDIUM in the SSLCipherSuite directive in the appropriate web server configuration file.
555
+ IIS: Disable DES and 3DES ciphers as described in Microsoft Knowledge Base Article
556
+ [http://support.microsoft.com/kb/245030] 245030.
557
+ Note: disabling Triple-DES ciphers may affect compatibility with older clients.
558
+ </resolution>
559
+ <reference>
560
+ For more information on the SWEET32 attack, see
561
+ [https://sweet32.info] sweet32.info and the
562
+ [https://bobcares.com/blog/how-to-fix-sweet32-birthday-attacks-vulnerability-cve-2016-2183/] Bobcares Blog.
563
+ </reference>
564
+ <vuln_details>
565
+ Service: smtp
566
+ Server accepted TLS 1.0 64-bit block size cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA </vuln_details>
567
+ </vulnerability>
568
+ <vulnerability>
569
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
570
+ <hostname>192.168.150.163</hostname>
571
+ <ipaddr>192.168.150.163</ipaddr>
572
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
573
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
574
+ <status>new</status>
575
+ <severity>Potential Problem</severity>
576
+ <cve>CVE-2016-2183</cve>
577
+ <cvss_base_score>5.0</cvss_base_score>
578
+ <impact>
579
+ A remote attacker with the ability to sniff network traffic could decrypt long-lived TLS or SSL sessions.
580
+ </impact>
581
+ <background>
582
+ A Block Cipher is an encryption algorithm which operates on a fixed-size block of data. Plaintext messages which are larger than the block size must be split into multiple blocks before being encrypted by the algorithm.
583
+ </background>
584
+ <problem>
585
+ SWEET32 Attack
586
+ 08/29/16
587
+ CVE 2016-2183
588
+ Block ciphers with small block sizes are susceptible to a class of attacks known as birthday attacks.
589
+ These attacks take advantage of multiple blocks which return identical ciphertext, known as collisions. The probability of collisions occurring becomes significant after a large number of blocks have been encrypted using the same key.
590
+ The SWEET32 attack is a specific birthday attack which reveals the XOR (exclusive-OR) between a fixed secret and known plaintext, thus allowing the secret to be determined.
591
+ This attack can be launched in a browser session by javascript code which makes repeated requests containing an authentication token and predictable headers.
592
+ Successful exploitation requires about 785 GB of data to be captured, and the attacker must be able to inject javascript into a web session and to sniff data from the network.
593
+ </problem>
594
+ <resolution>
595
+ Disable ciphers which have a 64-bit block size, such as Triple-DES as follows:
596
+ Apache/OpenSSL: Upgrade to OpenSSL 1.1.0, which disables Triple-DES ciphers by default. Alternatively, upgrade to OpenSSL 1.0.1u or 1.0.2i or higher, which classify Triple-DES ciphers as MEDIUM, and insert !MEDIUM in the SSLCipherSuite directive in the appropriate web server configuration file.
597
+ IIS: Disable DES and 3DES ciphers as described in Microsoft Knowledge Base Article
598
+ [http://support.microsoft.com/kb/245030] 245030.
599
+ Note: disabling Triple-DES ciphers may affect compatibility with older clients.
600
+ </resolution>
601
+ <reference>
602
+ For more information on the SWEET32 attack, see
603
+ [https://sweet32.info] sweet32.info and the
604
+ [https://bobcares.com/blog/how-to-fix-sweet32-birthday-attacks-vulnerability-cve-2016-2183/] Bobcares Blog.
605
+ </reference>
606
+ <vuln_details>
607
+ Service: https
608
+ Server accepted TLS 1.0 64-bit block size cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA </vuln_details>
609
+ </vulnerability>
610
+ <vulnerability>
611
+ <description>SSL/TLS server supports short block sizes (SWEET32 attack)</description>
612
+ <hostname>192.168.150.163</hostname>
613
+ <ipaddr>192.168.150.163</ipaddr>
614
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
615
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
616
+ <status>new</status>
617
+ <severity>Potential Problem</severity>
618
+ <cve>CVE-2016-2183</cve>
619
+ <cvss_base_score>5.0</cvss_base_score>
620
+ <impact>
621
+ A remote attacker with the ability to sniff network traffic could decrypt long-lived TLS or SSL sessions.
622
+ </impact>
623
+ <background>
624
+ A Block Cipher is an encryption algorithm which operates on a fixed-size block of data. Plaintext messages which are larger than the block size must be split into multiple blocks before being encrypted by the algorithm.
625
+ </background>
626
+ <problem>
627
+ SWEET32 Attack
628
+ 08/29/16
629
+ CVE 2016-2183
630
+ Block ciphers with small block sizes are susceptible to a class of attacks known as birthday attacks.
631
+ These attacks take advantage of multiple blocks which return identical ciphertext, known as collisions. The probability of collisions occurring becomes significant after a large number of blocks have been encrypted using the same key.
632
+ The SWEET32 attack is a specific birthday attack which reveals the XOR (exclusive-OR) between a fixed secret and known plaintext, thus allowing the secret to be determined.
633
+ This attack can be launched in a browser session by javascript code which makes repeated requests containing an authentication token and predictable headers.
634
+ Successful exploitation requires about 785 GB of data to be captured, and the attacker must be able to inject javascript into a web session and to sniff data from the network.
635
+ </problem>
636
+ <resolution>
637
+ Disable ciphers which have a 64-bit block size, such as Triple-DES as follows:
638
+ Apache/OpenSSL: Upgrade to OpenSSL 1.1.0, which disables Triple-DES ciphers by default. Alternatively, upgrade to OpenSSL 1.0.1u or 1.0.2i or higher, which classify Triple-DES ciphers as MEDIUM, and insert !MEDIUM in the SSLCipherSuite directive in the appropriate web server configuration file.
639
+ IIS: Disable DES and 3DES ciphers as described in Microsoft Knowledge Base Article
640
+ [http://support.microsoft.com/kb/245030] 245030.
641
+ Note: disabling Triple-DES ciphers may affect compatibility with older clients.
642
+ </resolution>
643
+ <reference>
644
+ For more information on the SWEET32 attack, see
645
+ [https://sweet32.info] sweet32.info and the
646
+ [https://bobcares.com/blog/how-to-fix-sweet32-birthday-attacks-vulnerability-cve-2016-2183/] Bobcares Blog.
647
+ </reference>
648
+ <vuln_details>
649
+ Service: 587:TCP
650
+ Server accepted TLS 1.0 64-bit block size cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA </vuln_details>
651
+ </vulnerability>
652
+ <vulnerability>
653
+ <description>587/TCP</description>
654
+ <hostname>192.168.150.163</hostname>
655
+ <ipaddr>192.168.150.163</ipaddr>
656
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
657
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
658
+ <status>new</status>
659
+ <severity>Service</severity>
660
+ <vuln_details>
661
+ 220 mail.securednet.ca ESMTP ready </vuln_details>
662
+ </vulnerability>
663
+ <vulnerability>
664
+ <description>SMTP</description>
665
+ <hostname>192.168.150.163</hostname>
666
+ <ipaddr>192.168.150.163</ipaddr>
667
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
668
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
669
+ <status>new</status>
670
+ <severity>Service</severity>
671
+ <vuln_details>
672
+ 220 mail.securednet.ca ESMTP ready </vuln_details>
673
+ </vulnerability>
674
+ <vulnerability>
675
+ <description>WWW</description>
676
+ <hostname>192.168.150.163</hostname>
677
+ <ipaddr>192.168.150.163</ipaddr>
678
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
679
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
680
+ <status>new</status>
681
+ <severity>Service</severity>
682
+ <vuln_details>
683
+ HTTP/1.1 403 Forbidden
684
+ Date: Wed, 22 Mar 2017 17:18:01 GMT
685
+ Cache-Control: no-cache
686
+ Pragma: no-cache
687
+ Content-Type: text/html; charset="UTF-8"
688
+ Content-Length: </vuln_details>
689
+ </vulnerability>
690
+ <vulnerability>
691
+ <description>WWW (Secure)</description>
692
+ <hostname>192.168.150.163</hostname>
693
+ <ipaddr>192.168.150.163</ipaddr>
694
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
695
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
696
+ <status>new</status>
697
+ <severity>Service</severity>
698
+ <vuln_details>
699
+ HTTP/1.1 403 Forbidden
700
+ Date: Wed, 22 Mar 2017 17:18:01 GMT
701
+ Cache-Control: no-cache
702
+ Pragma: no-cache
703
+ Content-Type: text/html; charset="UTF-8"
704
+ Content-Length: </vuln_details>
705
+ </vulnerability>
706
+ <vulnerability>
707
+ <description>urd (465/TCP)</description>
708
+ <hostname>192.168.150.163</hostname>
709
+ <ipaddr>192.168.150.163</ipaddr>
710
+ <hosttype>Linux 2.6.18 - 2.6.22</hosttype>
711
+ <scan_time>Mar 22 13:22:35 2017</scan_time>
712
+ <status>new</status>
713
+ <severity>Service</severity>
714
+ <vuln_details>
715
+ 220 mail.securednet.ca ESMTP ready </vuln_details>
716
+ </vulnerability>
717
+ </details>
718
+ </report>