ITALY VA - Report - Docx


1. SSL Medium Strength Cipher Suites Supported (Sweet 32)

Severity: Medium
CVSS Score: 7.5

Application Identification:
38.142.77.172
104.131.56.232
185.53.151.170 (port 443)
185.53.151.170 (port 587)
185.53.151.171
185.53.151.172
185.53.151.174
185.53.151.176
185.53.151.180
185.53.151.181
185.53.151.182
185.53.151.189

Authenticated/Unauthenticated: Unauthenticated
Internal/External: External

Affected URL:
https://autodiscover.janusetcie.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fautodiscover.janusetcie.com%2fowa%2f
https://104.131.56.232/
https://185.53.151.170/
https://185.53.151.171/
https://185.53.151.172/
https://185.53.151.176/

Condition: We observed that multiple IPs were found vulnerable to Sweet 32.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Sweet 32 is a cybersecurity vulnerability that exploits cipher collisions. The attack targets the design flaws in some ciphers. The Sweet32 attack allows an attacker to recover small portions of plaintext.

Proof of Concept

Figure: Sweet 32 vulnerable in 38.142.77.172
Figure: Sweet 32 vulnerable in 104.131.56.232
Figure: Sweet 32 vulnerable in 173.249.18.58
Figure: Sweet 32 vulnerable in 185.53.151.170 in port 443
Figure: Sweet 32 vulnerable in 185.53.151.170 in port 587
Figure: Sweet 32 vulnerable in 185.53.151.171
Figure: Sweet 32 vulnerable in 185.53.151.172
Figure: Sweet 32 vulnerable in 185.53.151.174
Figure: Sweet 32 vulnerable in 185.53.151.176
Figure: Sweet 32 vulnerable in 185.53.151.180
Figure: Sweet 32 vulnerable in 185.53.151.181
Figure: Sweet 32 vulnerable in 185.53.151.182
Figure: Sweet 32 vulnerable in 185.53.151.189

Criteria: As per the best practice, the Mac OS X user should configure their workstation to disable the creation of .DS_Store files on the network shares so that there won't be any disclosure of information like icons positions,

Impact: An attacker can:

• Man-in-the-middle attack: An attacker can perform a man-in-the-middle (MITM) attack on the communication channel to sniff data.

Recommendation: It is recommended to:

• Use OpenSSL security update RHSA-2016:1940.
• Try to avoid the usage of legacy 64-bit block ciphers.
• Servers and VPN should use 128-bit ciphers for encryption.
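
A way to act on the recommendation above, as an added Python example that is not part of the original report: it classifies cipher-suite names by whether the block cipher has a 64-bit block, which is what Sweet32 depends on, rather than by key length. The inventory format, the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventory (not taken from the report): one
# "host:port suite" pair per line, using OpenSSL or IANA suite names.
SAMPLE = """\
192.0.2.10:443 ECDHE-RSA-AES256-GCM-SHA384
192.0.2.10:443 DES-CBC3-SHA
192.0.2.10:587 TLS_RSA_WITH_3DES_EDE_CBC_SHA
192.0.2.10:587 TLS_RSA_WITH_AES_128_CBC_SHA
192.0.2.20:443 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.30:443 IDEA-CBC-SHA
192.0.2.30:443 EXP-RC2-CBC-MD5
"""


def block64_cipher(suite):
    """Return the 64-bit block cipher named in a suite, or None."""
    tokens = set(re.split(r"[-_]", suite.upper()))
    if tokens & {"3DES", "CBC3"}:    # IANA "3DES_EDE_CBC", OpenSSL "DES-CBC3"
        return "3DES"
    if tokens & {"DES", "DES40"}:    # single DES, including export variants
        return "DES"
    for name in ("IDEA", "RC2"):
        if name in tokens:
            return name
    return None                      # AES, ChaCha20, Camellia, RC4, ...


def audit(inventory):
    """Map each endpoint to the (suite, cipher) pairs that should be disabled."""
    findings = defaultdict(list)
    for line in inventory.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                 # skip blank lines and comments
        endpoint, suite = line.split(None, 1)
        cipher = block64_cipher(suite.strip())
        if cipher:
            findings[endpoint].append((suite.strip(), cipher))
    return dict(findings)


if __name__ == "__main__":
    for endpoint, hits in sorted(audit(SAMPLE).items()):
        for suite, cipher in hits:
            print(f"{endpoint}: disable {suite} ({cipher}, 64-bit block)")
```

Endpoints that offer only AES suites, such as 192.0.2.20:443 in the sample, do not appear in the result.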


2. Unsupported webserver version

Severity: Medium
CVSS Score: 7.5

Application Identification: 162.221.94.74
Authenticated/Unauthenticated: Unauthenticated
Internal/External: External
Affected URL: https://162.221.94.74/.DS_Store

Condition: We observed that 38.142.77.172 is found using unsupported web server version.

Proof of Concept

Figure: Unsupported web server version detection.

Criteria: As per the best practice, the old and unsupported version must be upgraded to the latest version.

Impact: An attacker can:

• Gain the information on the structure and contents of the website.

Recommendation: It is recommended to:

• Remove the web server if it is no longer needed.
• Upgrade to the supported version or switch to another server.

3. Apple Mac OS X Find-By-Content DS_Store Web Directory Listing vulnerability in web application

Severity: Medium
CVSS Score: 5.0

Application Identification: 162.221.94.74
Authenticated/Unauthenticated: Unauthenticated
Internal/External: External
Affected URL: https://162.221.94.74/.DS_Store

Condition: We observed that it is possible to get the list of files which contain the viewing preference information, which controls how the Mac OS X operating system opens a user's folders and how the folders appear, present in the remote directory of the vulnerable web application.

DS_STORE files are used by the Macintosh OS X operating system. These files contain the viewing preference information, which controls how the Mac OS X operating system opens a user's folders and how the folders appear.

The .DS_Store files are created by the Mac OS X Finder; they can disclose information such as icon positions on the desktop.

Proof of Concept

Figure: Pop up box for downloading .DS_Store files of Mac OS X users.

Criteria: As per the best practice, the Mac OS X user should configure their workstation to disable the creation of .DS_Store files on the network shares.

Impact: An attacker can:

• Gain the information on the structure and contents of the website.

Recommendation: It is recommended to:

• Configure the web server so as to prevent the download of .DS_Store file.
• Block access to hidden files (starting with a dot) within your webserver's configuration.

4. Disclosure of server information in multiple

Severity: Medium
CVSS Score: 5.0

Authenticated/Unauthenticated: Unauthenticated
Internal/External: External

Application Identification and Affected URL:
38.142.77.173: https://38.142.77.173/
50.247.103.21: https://50.247.103.21
91.121.234.53: https://91.121.234.53/
104.131.56.232: https://104.131.56.232
162.221.94.74: https://162.221.94.74
184.53.151.181: https://184.53.151.181
185.53.151.176: https://185.53.151.176
185.23.151.180: https://185.23.151.180
185.53.151.182: https://185.23.151.182

Condition: We observed that multiple web applications are found to be disclosing the server information through intercepting the request. An attacker with this knowledge can use it for post exploitation.

Proof of Concept

Figure: Disclosure of server information like name of server.
Figure: Disclosure of server information like name of server.
Figure: Disclosure of server information like name of server.
Figure: Disclosure of server information like name of server.
Figure: Disclosure of server information like name of server.
Figure: Disclosure of server information
Figure: Disclosure of server information
Figure: Disclosure of server information
Figure: Disclosure of server information
Figure: Disclosure of server information

Criteria: As per the best practice, the Mac OS X user should configure their workstation to disable the creation of .DS_Store files on the network shares.

Impact: An attacker can:

• Gain the information on the structure and contents of the website.

Recommendation: It is recommended to:

• Configure the web server so as to prevent the download of .DS_Store file.
• Block access to hidden files (starting with a dot) within your webserver's configuration.
