OpenVAS did not flag SSL issues and TLS version detection

roy.wong · November 7, 2022, 5:44am

Hi,

VT scan did not pick up vulnerability related to TLS and Cipher detection (Sweet32)

OpenVAS did not flag SSL issues (e.g., medium strength cipher suites SWEET32 supported), and TLS version detection (e.g., TLS 1.1, TLS 1.0).

Version Used: Greenbone Community Edition 22.4.0

We require assistance why this is not detected.

Thank you

Regards,
Roy

TreAtW · November 7, 2022, 9:02am

Hi Roy, and welcome to the Greenbone Community Forum.

Is the target host being scanned? If it’s not responding to the Host Alive Detection, it may be falsely seen as offline, which will lead to no VTs being used.
Is the vulnerable port on the target host included in the port list you’re using?

FairFight · November 9, 2022, 7:25am

Hi Roy,

You might be experiencing the same issue as I discussed in
“Report Vulnerable Cipher Suites for HTTPS” VT not reporting in GSEv22.4.
Unfortunately, there has been no release of openvas-scanner since the PR were merged.