Operating system: Debian 11
Kernel: Linux 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64 GNU/Linux
Installation method / source: Builded from source
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
For some reason, the above mentioned VT is not reporting any vulnerabilities anymore, when 3DES/DES ciphers is used.
An example is that the
SSL/TLS: Report Supported Cipher Suites reports the following ciphers on SSLv3:
I would have expected the
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS VT to be triggered as vulnerable, because of the highlighted ciphers (and quite a few others).
The example is the output from a scan of https://zero.webappsecurity.com/ which is very vulnerable.
Am I misunderstanding something or should’nt the mentioned VT have triggered?
I have tested using GSE v 22.4.0 - NVT feed 20220822T1012.
cfi has tested using GOS 21.04 and 22.04 - he could replicate the issue on GOS 22.04.1