Possible false positive in NVT: SSL/TLS: Report Weak Cipher Suites

Hi, I performed a Full and Fast scan on OpenVAS and the NVT SSL/TLS: Report Supported Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.802067). This NVT works with the CVEs CVE-2013-2566, CVE-2015-2808 and CVE-2015-4000, performing cipher verification: "This routine reports all Weak SSL/TLS cipher suites accepted by a service."

In a test run, the following output was obtained:

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_SEED_CBC_SHA

The NVT description mentions the RC4 cipher, which is related to the CVEs CVE-2013-2566 and CVE-2015-2808. However, RC4 does not appear in the NVT result on the target machine. Why then were these CVEs reported when the RC4 cipher is not present?

Please don’t create multiple threads about the same topic; there is already the following:

Short note: This is not a false positive.


Can you explain why it is not a false positive?

Someone might give a more advanced answer in the existing thread "Questions about NVT SSL/TLS: Report Weak Cipher Suites" in the future / as time permits (there is no SLA / guarantee for answers in this forum, as it is volunteer-based).

(closed as duplicate)