11/29 - TLS & SSLv3 renegotiation vulnerability

This paper describes how to test for the TLS & SSLv3 renegotiation vulnerability:

The toolset provided by Openssl offers the simplest way to test whether a server allows for client-side renegotiation in the established tunnel.

Note: This doesn't necessarily mean that the application beneath is vulnerable to attacks over this channel, but indicates the server allows attacks to happen.

Generic Example
Openssl s_client -connect yourserver.com:443
R (Triggers renegotiation - if this works, the server accepts renegotiations within an existing TLS session Requirement)
GET /clientcontrolled.html http\1.0

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

05/23 - Vulnerability - Nessus 1110523

Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

06/05 - Vulnerability - OpenVAS Manager 2.0.4

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

05/23 - Vulnerability - Nessus 1110523

Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

11/29 - TLS & SSLv3 renegotiation vulnerability

This paper describes how to test for the TLS & SSLv3 renegotiation vulnerability:

The toolset provided by Openssl offers the simplest way to test whether a server allows for client-side renegotiation in the established tunnel.

Note: This doesn't necessarily mean that the application beneath is vulnerable to attacks over this channel, but indicates the server allows attacks to happen.

Generic Example
Openssl s_client -connect yourserver.com:443
R (Triggers renegotiation - if this works, the server accepts renegotiations within an existing TLS session Requirement)
GET /clientcontrolled.html http\1.0

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

05/13 - Vulnerability - OpenVAS CLI 1.1.2

OpenVAS CLI contains the command line tool 'omp' which allows to create batch processes to drive OpenVAS Manager.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

05/13 - Vulnerability - OpenVAS Start 1110513

Script to start the OpenVAS services

Sorry, I could not read the content fromt this page.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

05/11 - Vulnerability - OpenVAS Keygen File 1110511

File to create an OpenVAS key without interaction

Sorry, I could not read the content fromt this page.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

04/25 - Vulnerability - OpenVAS Scanner 3.2.3

The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs vulnerability tests against multiple target hosts and delivers the results. It uses a communication protocol to have client tools (graphical and command line) connect, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which are updated to cover recently identified security issues.

The former 'OpenVAS server' is now called the 'OpenVAS Scanner' and consists of 2 modules: openvas-libraries and openvas-scanner. The scanner is accompanied by the optional servers 'OpenVAS Manager' (module openvas-manager) and 'OpenVAS Administrator' (module openvas-administrator).

OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because Nessus 3 changed to a proprietary license model. Nessus 2.2.x development stopped for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

11/29 - TLS & SSLv3 renegotiation vulnerability

This paper describes how to test for the TLS & SSLv3 renegotiation vulnerability:

The toolset provided by Openssl offers the simplest way to test whether a server allows for client-side renegotiation in the established tunnel.

Note: This doesn't necessarily mean that the application beneath is vulnerable to attacks over this channel, but indicates the server allows attacks to happen.

Generic Example
Openssl s_client -connect yourserver.com:443
R (Triggers renegotiation - if this works, the server accepts renegotiations within an existing TLS session Requirement)
GET /clientcontrolled.html http\1.0

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

04/25 - Vulnerability - OpenVAS Scanner 3.2.3

The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs vulnerability tests against multiple target hosts and delivers the results. It uses a communication protocol to have client tools (graphical and command line) connect, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which are updated to cover recently identified security issues.

The former 'OpenVAS server' is now called the 'OpenVAS Scanner' and consists of 2 modules: openvas-libraries and openvas-scanner. The scanner is accompanied by the optional servers 'OpenVAS Manager' (module openvas-manager) and 'OpenVAS Administrator' (module openvas-administrator).

OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because Nessus 3 changed to a proprietary license model. Nessus 2.2.x development stopped for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

11/29 - TLS & SSLv3 renegotiation vulnerability

This paper describes how to test for the TLS & SSLv3 renegotiation vulnerability:

The toolset provided by Openssl offers the simplest way to test whether a server allows for client-side renegotiation in the established tunnel.

Note: This doesn't necessarily mean that the application beneath is vulnerable to attacks over this channel, but indicates the server allows attacks to happen.

Generic Example
Openssl s_client -connect yourserver.com:443
R (Triggers renegotiation - if this works, the server accepts renegotiations within an existing TLS session Requirement)
GET /clientcontrolled.html http\1.0

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

04/17 - Vulnerability - OpenVAS Manager 2.0.3

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.