Nessus ReportNessus Scan Report
29/May/2014:13:15:52
Nessus Home: Commercial use of the report is prohibitedAny time Nessus is used in a commercial environment you MUST maintain an activesubscription to the Nessus Feed in order to be compliant with our license agreement:http://www.tenable.com/products/nessus
Table Of ContentsHosts Summary (Executive).................................................................................................3
172.30.34.145..............................................................................................................................................................4
Vulnerabilities By Host......................................................................................................... 5172.30.34.145..............................................................................................................................................................6
Vulnerabilities By Plugin.....................................................................................................1570658 (1) - SSH Server CBC Mode Ciphers Enabled............................................................................................. 1671049 (1) - SSH Weak MAC Algorithms Enabled....................................................................................................1710114 (1) - ICMP Timestamp Request Remote Date Disclosure.............................................................................1810267 (1) - SSH Server Type and Version Information........................................................................................... 1910287 (1) - Traceroute Information...........................................................................................................................2010881 (1) - SSH Protocol Versions Supported.........................................................................................................2111219 (1) - Nessus SYN scanner.............................................................................................................................2211936 (1) - OS Identification.....................................................................................................................................2319506 (1) - Nessus Scan Information.......................................................................................................................2422964 (1) - Service Detection...................................................................................................................................2525220 (1) - TCP/IP Timestamps Supported............................................................................................................. 2635716 (1) - Ethernet Card Manufacturer Detection.................................................................................................. 2739520 (1) - Backported Security Patch Detection (SSH)......................................................................................... 2845590 (1) - Common Platform Enumeration (CPE)..................................................................................................2954615 (1) - Device Type...........................................................................................................................................3070657 (1) - SSH Algorithms and Languages Supported..........................................................................................31
Hosts Summary (Executive)
4172.30.34.145Summary
Critical High Medium Low Info Total
0 0 0 2 14 16
DetailsSeverity Plugin Id Name
Low (2.6) 70658 SSH Server CBC Mode Ciphers Enabled
Low (2.6) 71049 SSH Weak MAC Algorithms Enabled
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10267 SSH Server Type and Version Information
Info 10287 Traceroute Information
Info 10881 SSH Protocol Versions Supported
Info 11219 Nessus SYN scanner
Info 11936 OS Identification
Info 19506 Nessus Scan Information
Info 22964 Service Detection
Info 25220 TCP/IP Timestamps Supported
Info 35716 Ethernet Card Manufacturer Detection
Info 39520 Backported Security Patch Detection (SSH)
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 70657 SSH Algorithms and Languages Supported
Vulnerabilities By Host
6172.30.34.145Scan Information
Start time: Thu May 29 13:11:47 2014
End time: Thu May 29 13:15:51 2014
Host InformationIP: 172.30.34.145
MAC Address: ac:16:2d:02:a8:12
OS: Linux Kernel 3.2, Linux Kernel 3.3
Results SummaryCritical High Medium Low Info Total
0 0 0 2 14 16
Results Details0/icmp10114 - ICMP Timestamp Request Remote Date DisclosureSynopsis
It is possible to determine the exact time set on the remote host.Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.
SolutionFilter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk FactorNone
ReferencesCVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:Publication date: 1999/08/01, Modification date: 2012/06/18
Portsicmp/0
The difference between the local and remote clocks is -2 seconds.
0/tcp25220 - TCP/IP Timestamps SupportedSynopsis
The remote service implements TCP timestamps.Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.
See Alsohttp://www.ietf.org/rfc/rfc1323.txt
7Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/05/16, Modification date: 2011/03/20
Portstcp/035716 - Ethernet Card Manufacturer DetectionSynopsis
The manufacturer can be deduced from the Ethernet OUI.Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.These OUI are registered by IEEE.
See Alsohttp://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/02/19, Modification date: 2011/03/27
Portstcp/0
The following card manufacturers were identified :
ac:16:2d:02:a8:12 : Hewlett Packard
11936 - OS IdentificationSynopsis
It is possible to guess the remote operating system.Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2003/12/09, Modification date: 2014/02/19
Portstcp/0
Remote operating system : Linux Kernel 3.2Linux Kernel 3.3Confidence Level : 59Method : SinFP
8The remote host is running one of these operating systems : Linux Kernel 3.2Linux Kernel 3.3
45590 - Common Platform Enumeration (CPE)Synopsis
It is possible to enumerate CPE names that matched on the remote system.Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.
See Alsohttp://cpe.mitre.org/
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2010/04/21, Modification date: 2014/05/15
Portstcp/0
The remote operating system matched the following CPE's :
cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:3.3
Following application CPE matched on the remote system :
cpe:/a:openbsd:openssh:5.3 -> OpenBSD OpenSSH 5.3
54615 - Device TypeSynopsis
It is possible to guess the remote device type.Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2011/05/23, Modification date: 2011/05/23
Portstcp/0
Remote device type : general-purposeConfidence level : 59
19506 - Nessus Scan InformationSynopsis
Information about the Nessus scan.
DescriptionThis script displays, for each tested host, information about the scan itself :- The version of the plugin set
9- The type of scanner (Nessus or Nessus Home)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2005/08/26, Modification date: 2014/04/07
Portstcp/0
Information about this scan :
Nessus version : 5.2.6Plugin feed version : 201405291715Scanner edition used : Nessus HomeScan policy used : davidScanner IP : 172.30.34.184Port scanner(s) : nessus_syn_scanner Port range : defaultThorough tests : noExperimental tests : noParanoia level : 1Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : disabledWeb application tests : disabledMax hosts : 80Max checks : 5Recv timeout : 5Backports : DetectedAllow post-scan editing: YesScan Start Date : 2014/5/29 13:11Scan duration : 244 sec
0/udp10287 - Traceroute InformationSynopsis
It was possible to obtain traceroute information.Description
Makes a traceroute to the remote host.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 1999/11/27, Modification date: 2013/04/11
Portsudp/0
For your information, here is the traceroute from 172.30.34.184 to 172.30.34.145 : 172.30.34.184
10
172.30.34.145
22/tcp71049 - SSH Weak MAC Algorithms EnabledSynopsis
SSH is configured to allow MD5 and 96-bit MAC algorithms.Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.Note that this plugin only checks for the options of the SSH server and does not check for vulnerable softwareversions.
SolutionContact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:Publication date: 2013/11/22, Modification date: 2013/11/23
Portstcp/22
The following client-to-server Method Authentication Code (MAC) algorithmsare supported :
hmac-md5 hmac-md5-96 hmac-sha1-96
The following server-to-client Method Authentication Code (MAC) algorithmsare supported :
hmac-md5 hmac-md5-96 hmac-sha1-96
70658 - SSH Server CBC Mode Ciphers EnabledSynopsis
The SSH server is configured to use Cipher Block Chaining.Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker torecover the plaintext message from the ciphertext.Note that this plugin only checks for the options of the SSH server and does not check for vulnerable softwareversions.
SolutionContact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR orGCM cipher mode encryption.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
ReferencesBID 32319
11
CVE CVE-2008-5161
XREF OSVDB:50035
XREF OSVDB:50036
XREF CERT:958563
XREF CWE:200
Plugin Information:Publication date: 2013/10/28, Modification date: 2014/01/28
Portstcp/22
The following client-to-server Cipher Block Chaining (CBC) algorithmsare supported :
3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]
The following server-to-client Cipher Block Chaining (CBC) algorithmsare supported :
3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]
11219 - Nessus SYN scannerSynopsis
It is possible to determine which TCP ports are open.Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
SolutionProtect your target with an IP filter.
Risk FactorNone
Plugin Information:Publication date: 2009/02/04, Modification date: 2014/01/23
Portstcp/22
Port 22/tcp was found to be open
22964 - Service DetectionSynopsis
The remote service could be identified.
DescriptionIt was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.
12
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/08/19, Modification date: 2014/05/09
Portstcp/22
An SSH server is running on this port.
10267 - SSH Server Type and Version InformationSynopsis
An SSH server is listening on this port.Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.Solution
n/aRisk Factor
None
Plugin Information:Publication date: 1999/10/12, Modification date: 2011/10/24
Portstcp/22
SSH version : SSH-2.0-OpenSSH_5.3SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password
70657 - SSH Algorithms and Languages SupportedSynopsis
An SSH server is listening on this port.Description
This script detects which algorithms and languages are supported by the remote service for encryptingcommunications.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2013/10/28, Modification date: 2014/04/04
Portstcp/22
Nessus negotiated the following encryption algorithm with the server : aes128-cbc
The server supports the following options for kex_algorithms :
diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1
The server supports the following options for server_host_key_algorithms :
ssh-dss
13
ssh-rsa
The server supports the following options for encryption_algorithms_client_to_server :
3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]
The server supports the following options for encryption_algorithms_server_to_client :
3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]
The server supports the following options for mac_algorithms_client_to_server :
hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]
The server supports the following options for mac_algorithms_server_to_client :
hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]
The server supports the following options for compression_algorithms_client_to_server :
none
The server supports the following options for compression_algorithms_server_to_client :
none
10881 - SSH Protocol Versions SupportedSynopsis
A SSH server is running on the remote host.Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.Solution
n/a
14
Risk FactorNone
Plugin Information:Publication date: 2002/03/06, Modification date: 2013/10/21
Portstcp/22
The remote SSH daemon supports the following versions of theSSH protocol :
- 1.99 - 2.0
SSHv2 host key fingerprint : 3f:a8:cf:b6:0b:55:f1:90:cb:be:b5:16:e7:d5:b3:36
39520 - Backported Security Patch Detection (SSH)Synopsis
Security patches are backported.Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.Banner-based checks have been disabled to avoid false positives.Note that this test is informational only and does not denote any security problem.
See Alsohttp://www.nessus.org/u?d636c8c7
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/06/25, Modification date: 2013/04/03
Portstcp/22
Give Nessus credentials to perform local checks.
Vulnerabilities By Plugin
16
70658 (1) - SSH Server CBC Mode Ciphers EnabledSynopsis
The SSH server is configured to use Cipher Block Chaining.Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker torecover the plaintext message from the ciphertext.Note that this plugin only checks for the options of the SSH server and does not check for vulnerable softwareversions.
SolutionContact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR orGCM cipher mode encryption.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
ReferencesBID 32319
CVE CVE-2008-5161
XREF OSVDB:50035
XREF OSVDB:50036
XREF CERT:958563
XREF CWE:200
Plugin Information:Publication date: 2013/10/28, Modification date: 2014/01/28
Hosts172.30.34.145 (tcp/22)
The following client-to-server Cipher Block Chaining (CBC) algorithmsare supported :
3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]
The following server-to-client Cipher Block Chaining (CBC) algorithmsare supported :
3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]
17
71049 (1) - SSH Weak MAC Algorithms EnabledSynopsis
SSH is configured to allow MD5 and 96-bit MAC algorithms.Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.Note that this plugin only checks for the options of the SSH server and does not check for vulnerable softwareversions.
SolutionContact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:Publication date: 2013/11/22, Modification date: 2013/11/23
Hosts172.30.34.145 (tcp/22)
The following client-to-server Method Authentication Code (MAC) algorithmsare supported :
hmac-md5 hmac-md5-96 hmac-sha1-96
The following server-to-client Method Authentication Code (MAC) algorithmsare supported :
hmac-md5 hmac-md5-96 hmac-sha1-96
18
10114 (1) - ICMP Timestamp Request Remote Date DisclosureSynopsis
It is possible to determine the exact time set on the remote host.Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.
SolutionFilter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk FactorNone
ReferencesCVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:Publication date: 1999/08/01, Modification date: 2012/06/18
Hosts172.30.34.145 (icmp/0)
The difference between the local and remote clocks is -2 seconds.
19
10267 (1) - SSH Server Type and Version InformationSynopsis
An SSH server is listening on this port.Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.Solution
n/aRisk Factor
None
Plugin Information:Publication date: 1999/10/12, Modification date: 2011/10/24
Hosts172.30.34.145 (tcp/22)
SSH version : SSH-2.0-OpenSSH_5.3SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password
20
10287 (1) - Traceroute InformationSynopsis
It was possible to obtain traceroute information.Description
Makes a traceroute to the remote host.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 1999/11/27, Modification date: 2013/04/11
Hosts172.30.34.145 (udp/0)
For your information, here is the traceroute from 172.30.34.184 to 172.30.34.145 : 172.30.34.184172.30.34.145
21
10881 (1) - SSH Protocol Versions SupportedSynopsis
A SSH server is running on the remote host.Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.Solution
n/aRisk Factor
None
Plugin Information:Publication date: 2002/03/06, Modification date: 2013/10/21
Hosts172.30.34.145 (tcp/22)
The remote SSH daemon supports the following versions of theSSH protocol :
- 1.99 - 2.0
SSHv2 host key fingerprint : 3f:a8:cf:b6:0b:55:f1:90:cb:be:b5:16:e7:d5:b3:36
22
11219 (1) - Nessus SYN scannerSynopsis
It is possible to determine which TCP ports are open.Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
SolutionProtect your target with an IP filter.
Risk FactorNone
Plugin Information:Publication date: 2009/02/04, Modification date: 2014/01/23
Hosts172.30.34.145 (tcp/22)
Port 22/tcp was found to be open
23
11936 (1) - OS IdentificationSynopsis
It is possible to guess the remote operating system.Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2003/12/09, Modification date: 2014/02/19
Hosts172.30.34.145 (tcp/0)
Remote operating system : Linux Kernel 3.2Linux Kernel 3.3Confidence Level : 59Method : SinFP
The remote host is running one of these operating systems : Linux Kernel 3.2Linux Kernel 3.3
24
19506 (1) - Nessus Scan InformationSynopsis
Information about the Nessus scan.
DescriptionThis script displays, for each tested host, information about the scan itself :- The version of the plugin set- The type of scanner (Nessus or Nessus Home)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2005/08/26, Modification date: 2014/04/07
Hosts172.30.34.145 (tcp/0)
Information about this scan :
Nessus version : 5.2.6Plugin feed version : 201405291715Scanner edition used : Nessus HomeScan policy used : davidScanner IP : 172.30.34.184Port scanner(s) : nessus_syn_scanner Port range : defaultThorough tests : noExperimental tests : noParanoia level : 1Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : disabledWeb application tests : disabledMax hosts : 80Max checks : 5Recv timeout : 5Backports : DetectedAllow post-scan editing: YesScan Start Date : 2014/5/29 13:11Scan duration : 244 sec
25
22964 (1) - Service DetectionSynopsis
The remote service could be identified.
DescriptionIt was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/08/19, Modification date: 2014/05/09
Hosts172.30.34.145 (tcp/22)
An SSH server is running on this port.
26
25220 (1) - TCP/IP Timestamps SupportedSynopsis
The remote service implements TCP timestamps.Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.
See Alsohttp://www.ietf.org/rfc/rfc1323.txt
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/05/16, Modification date: 2011/03/20
Hosts172.30.34.145 (tcp/0)
27
35716 (1) - Ethernet Card Manufacturer DetectionSynopsis
The manufacturer can be deduced from the Ethernet OUI.Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.These OUI are registered by IEEE.
See Alsohttp://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/02/19, Modification date: 2011/03/27
Hosts172.30.34.145 (tcp/0)
The following card manufacturers were identified :
ac:16:2d:02:a8:12 : Hewlett Packard
28
39520 (1) - Backported Security Patch Detection (SSH)Synopsis
Security patches are backported.Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.Banner-based checks have been disabled to avoid false positives.Note that this test is informational only and does not denote any security problem.
See Alsohttp://www.nessus.org/u?d636c8c7
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/06/25, Modification date: 2013/04/03
Hosts172.30.34.145 (tcp/22)
Give Nessus credentials to perform local checks.
29
45590 (1) - Common Platform Enumeration (CPE)Synopsis
It is possible to enumerate CPE names that matched on the remote system.Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.
See Alsohttp://cpe.mitre.org/
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2010/04/21, Modification date: 2014/05/15
Hosts172.30.34.145 (tcp/0)
The remote operating system matched the following CPE's :
cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:3.3
Following application CPE matched on the remote system :
cpe:/a:openbsd:openssh:5.3 -> OpenBSD OpenSSH 5.3
30
54615 (1) - Device TypeSynopsis
It is possible to guess the remote device type.Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2011/05/23, Modification date: 2011/05/23
Hosts172.30.34.145 (tcp/0)
Remote device type : general-purposeConfidence level : 59
31
70657 (1) - SSH Algorithms and Languages SupportedSynopsis
An SSH server is listening on this port.Description
This script detects which algorithms and languages are supported by the remote service for encryptingcommunications.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2013/10/28, Modification date: 2014/04/04
Hosts172.30.34.145 (tcp/22)
Nessus negotiated the following encryption algorithm with the server : aes128-cbc
The server supports the following options for kex_algorithms :
diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1
The server supports the following options for server_host_key_algorithms :
ssh-dss ssh-rsa
The server supports the following options for encryption_algorithms_client_to_server :
3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]
The server supports the following options for encryption_algorithms_server_to_client :
3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]
The server supports the following options for mac_algorithms_client_to_server :
hmac-md5 hmac-md5-96
32
hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]
The server supports the following options for mac_algorithms_server_to_client :
hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]
The server supports the following options for compression_algorithms_client_to_server :
none
The server supports the following options for compression_algorithms_server_to_client :
none
Table Of ContentsHosts Summary (Executive)172.30.34.145
Vulnerabilities By Host172.30.34.145
Vulnerabilities By Plugin70658 (1) - SSH Server CBC Mode Ciphers Enabled71049 (1) - SSH Weak MAC Algorithms Enabled10114 (1) - ICMP Timestamp Request Remote Date Disclosure10267 (1) - SSH Server Type and Version Information10287 (1) - Traceroute Information10881 (1) - SSH Protocol Versions Supported11219 (1) - Nessus SYN scanner11936 (1) - OS Identification19506 (1) - Nessus Scan Information22964 (1) - Service Detection25220 (1) - TCP/IP Timestamps Supported35716 (1) - Ethernet Card Manufacturer Detection39520 (1) - Backported Security Patch Detection (SSH)45590 (1) - Common Platform Enumeration (CPE)54615 (1) - Device Type70657 (1) - SSH Algorithms and Languages Supported