Hi, I performed a Full and Fast scan on Openvas and the NVT
SSL/TLS: Report Supported Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.802067). This NVT works with the CVEs: CVE-2013-2566, CVE-2015-2808 and CVE-2015-4000 performing cipher verification: This routine reports all Weak SSL/TLS cipher suites accepted by a service.
In a test run, the following output was obtained:
'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_SEED_CBC_SHA
In the NVT description, it is mentioned about the RC4 cipher that is related to the CVEs: CVE-2013-2566 and CVE-2015-2808. However, RC4 does not appear in the NVT result on the target machine. Why then were these CVEs reported when the RC4 cipher is not present?