Closed ext-im closed 3 years ago
I have posted all the Output which were flagged from the Nessus scanning tool. These were the security vulnerabilities listed for the current version of NSclinet++, is it possible to fix these vulnerabilities ?
Issue and Steps to Reproduce
Describe your issue and tell us how to reproduce it.
When we performed the scan using Nessus we discovered the NSClient++ is having multiple security vulnerabilities. We are still using the latest version of NSClient which is 0.5.2.35
Expected Behavior
Can someone provide a solution how to fix these vulnerabilities?
Actual Behavior
1) SSL Medium Strength Cipher Suites Supported (SWEET32) 2) HIGH SSL Certificate Signed Using Weak Hashing Algorithm 3) SSL Certificate Cannot Be Trusted
4) SSL Self-Signed Certificate
5) OpenSSL AES-NI Padding Oracle MitM Information Disclosure
Details
Additional Details
CVE-2004-2761: https://www.tenable.com/plugins/nessus/35291 CVE-2016-2183: https://www.tenable.com/plugins/nessus/42873 https://www.tenable.com/plugins/nessus/51192 https://www.tenable.com/plugins/nessus/57582 CVE-2016-2107: https://www.tenable.com/plugins/nessus/91572
CVE-2004-2761: https://www.tenable.com/plugins/nessus/35291 CVE-2016-2183: https://www.tenable.com/plugins/nessus/42873 https://www.tenable.com/plugins/nessus/51192 https://www.tenable.com/plugins/nessus/57582 CVE-2016-2107: https://www.tenable.com/plugins/nessus/91572