PCI v3.2-6.5.4
CAPEC-117
CWE-311
ISO27001-A.14.1.3
WASC-4
OWASP 2013-A6
OWASP 2017-A3
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Anonymous Ciphers Supported

Severity:
Medium
Summary

Invicti detected that anonymous ciphers is supported during secure communication (SSL).

You should allow only strong ciphers on your web server to protect your secure communication with your visitors.

Impact

Attackers can perform man-in-the middle attacks and observe the encrypted traffic between your website and your visitors.

Remediation
Required Skills for Successful Exploitation
Actions To Take

Configure your web server to disallow using anonymous ciphers.

For Apache, you should modify the SSLCipherSuite directive in the httpd.conf. For more configuration, please refer to External References section.

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Classifications
PCI v3.2-6.5.4
CAPEC-117
CWE-311
ISO27001-A.14.1.3
WASC-4
OWASP 2013-A6
OWASP 2017-A3
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Index

You can search and find all vulnerabilities

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Related Vulnerabilities

Featured resources

No items found.
No items found.
View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo