"Report Vulnerable Cipher Suites for HTTPS" VT not reporting in GSEv22.4

GVM versions

gsad: 22.04.0
gvmd: 22.4.0~dev1
openvas-scanner: 22.4.0
gvm-libs: 22.4.0

Environment

Operating system: Debian 11
Kernel: Linux 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64 GNU/Linux
Installation method / source: Builded from source

Name: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID: 1.3.6.1.4.1.25623.1.0.108031

For some reason, the above mentioned VT is not reporting any vulnerabilities anymore, when 3DES/DES ciphers is used.
An example is that the SSL/TLS: Report Supported Cipher Suites reports the following ciphers on SSLv3:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA

I would have expected the SSL/TLS: Report Vulnerable Cipher Suites for HTTPS VT to be triggered as vulnerable, because of the highlighted ciphers (and quite a few others).
The example is the output from a scan of https://zero.webappsecurity.com/ which is very vulnerable.

Am I misunderstanding something or should’nt the mentioned VT have triggered?

I have tested using GSE v 22.4.0 - NVT feed 20220822T1012.
cfi has tested using GOS 21.04 and 22.04 - he could replicate the issue on GOS 22.04.1

Hello @FairFight,
Did you check that the target is found alive? This can be find in the logs.
My first run I found 0 results, but I found that the host is doesn’t respond the ping (default alive test method).
After setting the target with “consider alive”, I was able to get results.

Although, while I was testing this issue, I found another issue which can be related. I prepared a patch for it. May be this helps
If you wanto/can, please try it and let me know if it works. At least, you will get some more results.

3 Likes

Ok, I tested this again, but I build the scanner with -DCMAKE_BUILD_TYPE="Release" flag. Without the patch I have no alert result in the report. But with the patch I get the result again.

Thanks for reporting this @FairFight !

Best regards.

3 Likes