1

This is my first time running vulnerability scanning software like OpenVAS. It is really a great tool to find out about vulnerabilities in the network. I have found it difficult to troubleshoot the vulnerabilities related to weak cipher suites and protocols. For example, OpenVAS reports:

    2.6.2 Medium 48004/tcp
    Medium (CVSS: 4.3)
    NVT: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)
    Summary
    This host is prone to an information disclosure vulnerability.

However, when I scan the same server with Qualys SSL Labs online test, I get:

    Protocols
    TLS 1.3   No
    TLS 1.2   Yes
    TLS 1.1   Yes
    TLS 1.0   Yes
    SSL 3     No
    SSL 2     No
    For TLS 1.3 tests, we currently support draft version 18.

I remember using IIS Crypto on this machine to disable obsolete protocols and cipher suites.

Can a server have cipher suites enabled/disabled on some ports? Can my Windows Server have SSL3 enabled on port 48004, but disabled on port 443?

Thanks

2
  • As far as I remember, SSL Labs refuses non-443 port scans. Try a free account over at sslping.com. Or try scanning with testssl.sh. Commented Jan 5, 2018 at 20:50
  • You can also try scanning it yourself with nmap: nmap -sV --unprivileged --script ssl-enum-ciphers -p 48004 hostname Commented Jan 6, 2018 at 3:43

1 Answer

1

Can a server have cipher suites enabled/disabled on some ports? Can my Windows Server have SSL3 enabled on port 48004, but disabled on port 443?

Yes. The actual application bound to a specific port may be different or may have a different configuration. For example, you could run Apache on 443 and nginx on port 8000. You may be running some other app or DB which has a web service on 48004, possibly nimbusdb.

I would check what app is actually running and see what webserver application is actually being used and how to properly configure it.

As @StackzOfZtuff noted in his comments, Qualys is only scanning 443 and does not scan other ports, so it's not telling you anything about port 48004.

2
  • Thanks for the response. Does that mean that when IIS Crypto changes the values in the registry of the server, it only affects port 443 and NOT the entire server? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL Commented Jan 8, 2018 at 12:55
  • I do not use the tool, but from a quick review of their docs I believe it only affects IIS. If IIS is not running on the other ports, it would not impact those ports. IIS is not necessarily a proxy or gateway before other web servers your system may run. Commented Jan 8, 2018 at 18:07
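
Added example (not part of the original posts): one way to compare the two ports directly is to run the nmap command from the comments with `-p 443,48004` and parse what the ssl-enum-ciphers script prints. The sample text below is constructed in that script's output layout, and `parse` and `poodle_ports` are hypothetical helper names.

```python
import re
# Constructed sample (not a real scan) in the ssl-enum-ciphers output layout.
SAMPLE = """\
443/tcp   open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
48004/tcp open  unknown
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: C
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")             # start of a port block
PROTO_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):")     # protocol heading
CIPHER_RE = re.compile(r"^\|\s+(TLS_\w+|SSL_\w+)\s")     # one accepted suite

def parse(text):
    """Return {port: {protocol: [cipher, ...]}} from ssl-enum-ciphers text."""
    result, port, proto = {}, None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            result[port] = {}
        elif port is not None and (m := PROTO_RE.match(line)):
            proto = m.group(1)
            result[port][proto] = []
        elif proto is not None and (m := CIPHER_RE.match(line)):
            result[port][proto].append(m.group(1))
    return result

def poodle_ports(scan):
    """Ports accepting SSLv3 with a CBC suite, the condition in the NVT title."""
    return sorted(p for p, protos in scan.items()
                  if any("_CBC_" in c for c in protos.get("SSLv3", [])))

if __name__ == "__main__":
    print("SSLv3 + CBC accepted on ports:", poodle_ports(parse(SAMPLE)))
```

A port that appears in the result is served by a TLS stack that still accepts SSLv3, whatever the listener on 443 is configured to do.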
