Summary #

Invicti detected that anonymous ciphers are supported during secure communication (SSL).

You should allow only strong ciphers on your web server to protect your secure communication with your visitors.  

Impact #

Anonymous cipher suites do not authenticate the server, so attackers can perform man-in-the-middle attacks and observe the encrypted traffic between your website and your visitors.

Actions To Take #

Configure your web server to disallow using anonymous ciphers.

For Apache, you should modify the SSLCipherSuite directive in httpd.conf. For more configuration details, please refer to the External References section.
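
The following is an added example, not Invicti's or Apache's own configuration: a permissive SSLCipherSuite value shown beside a corrected one. The cipher strings are illustrative assumptions and should be adjusted to your client-compatibility requirements.

```apache
# Added example; cipher strings below are assumptions chosen for illustration.

# BEFORE (weak): OpenSSL's "ALL" keyword includes the anonymous suites
# (ADH / AECDH). With them enabled the server can complete a handshake
# without ever presenting a certificate, so the client cannot tell the
# real server from an interceptor.
# SSLCipherSuite ALL:!EXPORT:!LOW

# AFTER (hardened):
#   HIGH    start from the strong-encryption suites only
#   !aNULL  permanently remove every suite with no authentication
#   !eNULL  permanently remove every suite with no encryption
#   !MD5    permanently remove suites that use MD5
# The "!" operator means a removed suite cannot be re-added by a later
# keyword in the same string. "HIGH" alone is not enough, because it can
# still contain anonymous AES suites.
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5

# Use the server's preference order instead of the client's.
SSLHonorCipherOrder on

# Check: expand the string locally with
#   openssl ciphers -v 'HIGH:!aNULL:!eNULL:!MD5'
# and confirm that no listed suite shows "Au=None".
```

Restart or reload Apache after the change so the new cipher list takes effect.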


Classifications #
PCI v3.1-6.5.4; PCI v3.2-6.5.4; CAPEC-117; CWE-311; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3; CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
