False negative: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

Name: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID: 1.3.6.1.4.1.25623.1.0.108031

For some reason, the above-mentioned VT is not reporting any vulnerabilities anymore when 3DES/DES ciphers are used.
An example is that the SSL/TLS: Report Supported Cipher Suites reports the following ciphers on SSLv3:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA

I would have expected the SSL/TLS: Report Vulnerable Cipher Suites for HTTPS VT to be triggered as vulnerable, because of the highlighted ciphers (and quite a few others).
The example is the output from a scan of https://zero.webappsecurity.com/ which is very vulnerable.

Am I misunderstanding something, or shouldn’t the mentioned VT have triggered?

I have tested using GSE v 22.4.0 - NVT feed 20220822T1012.
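
Added example, not part of the original thread: a small Python cross-check that splits the suite names listed in the post above and flags those whose bulk cipher is DES or 3DES, which is the result the poster expected. The weak-cipher table and the function names are assumptions of this example, not the VT's actual rule set.

```python
import re

# Bulk-cipher tokens treated as weak in this sketch (an assumption of this
# example, not the VT's own rules): DES has a 56-bit key, and both DES and
# 3DES use a 64-bit block.
WEAK_BULK = {
    "DES_CBC": "single DES (56-bit key, 64-bit block)",
    "DES40_CBC": "export-grade DES (40-bit key)",
    "3DES_EDE_CBC": "3DES (64-bit block)",
}

SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<rest>.+)$")

# Suite names exactly as listed in the post above.
REPORTED = """
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
""".split()


def split_suite(name):
    """Return (key exchange, bulk cipher, MAC/PRF) for an IANA-style name.

    Names without a _WITH_ part (TLS 1.3 suites such as
    TLS_AES_128_GCM_SHA256) yield None instead of a wrong split.
    """
    m = SUITE_RE.match(name.strip())
    if not m:
        return None
    bulk, _, mac = m.group("rest").rpartition("_")
    return (m.group("kx"), bulk, mac) if bulk else None


def weak_suites(names):
    """Return [(suite, reason)] for suites whose bulk cipher is in WEAK_BULK."""
    findings = []
    for name in names:
        parts = split_suite(name)
        if parts and parts[1] in WEAK_BULK:
            findings.append((name.strip(), WEAK_BULK[parts[1]]))
    return findings


if __name__ == "__main__":
    for suite, reason in weak_suites(REPORTED):
        print(f"{suite}: {reason}")
```
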

Thanks a lot for your posting.

Based on my tests with the currently supported GVM / GOS versions 21.04 and 22.04, both running a current feed version (there hasn’t been any functional change to this VT for nearly a year), this seems to work as expected in GOS 21.04, but the report is indeed missing in GOS 22.04 for unknown reasons.

As there haven’t been any changes on the VT side, I would suggest one of the following:

  1. Creating a new topic in Greenbone Community Edition - Greenbone Community Portal for some debugging help from GVM side
  2. Directly creating an issue at Issues · greenbone/openvas-scanner · GitHub to make the team responsible for this component aware of a possible problem

Greenbone OS 21.04.12

Greenbone OS 22.04.1

No result found.


Thank you for your help and for replicating the issue in GOS.
I have reposted the issue in the GCE section and hope they can help find the issue.
