Name: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID: 1.3.6.1.4.1.25623.1.0.108031
For some reason, the above-mentioned VT is not reporting any vulnerabilities anymore when 3DES/DES ciphers are used.
An example is that the SSL/TLS: Report Supported Cipher Suites reports the following ciphers on SSLv3:
I would have expected the SSL/TLS: Report Vulnerable Cipher Suites for HTTPS VT to be triggered as vulnerable, because of the highlighted ciphers (and quite a few others).
The example is the output from a scan of https://zero.webappsecurity.com/ which is very vulnerable.
Am I misunderstanding something, or shouldn't the mentioned VT have triggered?
I have tested using GSE v 22.4.0 - NVT feed 20220822T1012.
Based on my tests with the currently supported GVM / GOS versions 21.04 and 22.04, both running a current feed version (there haven't been any functional changes to this VT for nearly a year), this seems to work as expected in GOS 21.04, but the report is indeed missing in GOS 22.04 for unknown reasons.
As there haven't been any changes on the VT side, I would suggest one of the following: