Analisis WEB

WEB
Report generated by Nessus™ Mon, 09 Sep 2019 12:26:22 -03

TABLE OF CONTENTS
Vulnerabilities by Host
• 192.168.100.126.............................................................................................................................................. .....4
Vulnerabilities by Host
192.168.100.126
0 0 9 3 56
CRITICAL HIGH MEDIUM LOW INFO
Scan Information
Start time: Mon Sep 9 12:19:03 2019

End time: Mon Sep 9 12:26:22 2019
Host Information
Netbios Name: WIN-N7M5O2USK55

IP: 192.168.100.126
MAC Address: B4:B5:2F:5F:9A:3C
OS: Microsoft Windows Server 2012 R2 Standard
Vulnerabilities
18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
ntity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the clie
e key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?8033da0d
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution
192.168.100.126 4
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication'
setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 13818
CVE CVE-2005-1794
Plugin Information
Published: 2005/06/01, Modified: 2018/08/01
Plugin Output
tcp/3389
57608 - SMB Signing not required
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to
conduct man-in-the-middle attacks against the SMB server.
See Also
https://support.microsoft.com/en-us/help/887429/overview-of-server-message-block-signing
http://technet.microsoft.com/en-us/library/cc731957.aspx http://www.nessus.org/u?
74b80723
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft
network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the
'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
192.168.100.126 6
Plugin Output
tcp/445
192.168.100.126 7
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
192.168.100.126 8
Plugin Information
Plugin Output
tcp/3389
The following certificate was at the top of the certificate

chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=WIN-N7M5O2USK55.CLINICAISV.CL
|-Issuer : CN=WIN-N7M5O2USK55.CLINICAISV.CL
192.168.100.126 9
45411 - SSL Certificate with Wrong Hostname
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/3389
The identities known by Nessus are :
169.254.36.160
192.168.100.126
192.168.100.126
The Common Name in the certificate is :
WIN-N7M5O2USK55.CLINICAISV.CL
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/3389
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
The fields above are :
{OpenSSL ciphername} Kx={key exchange} Au={authentication}

Enc={symmetric encryption method} Mac={message authentication code}
{export flag}
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/3389
The following certificate was found at the top of the certificate

chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : CN=WIN-N7M5O2USK55.CLINICAISV.CL
126263 - SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read
Synopsis
The remote host is running a remote control application that is affected by a buffer over-read vulnerability.
Description
The SolarWinds Dameware Mini Remote Control Client Agent running on the remote host is affected by a buffer
over-read vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can
exploit this, via a series of requests, to cause a denial of service condition.
Note that the software is reportedly affected by additional vulnerabilities; however, this plugin has not tested for
these.
See Also
http://www.nessus.org/u?1220acd8
Solution
Upgrade to SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later.
Risk Factor
Medium
7.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)
References
CVE CVE-2019-3956
XREF TRA:TRA-2019-26
Plugin Information
Plugin Output
tcp/6129
58453 - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the
Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through
TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving
authentication, NLA also helps protect the remote computer from malicious users and software by completing
user authentication before a full RDP connection is established.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/
cc732713(v=ws.11)
http://www.nessus.org/u?e2628096
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote'
tab of the 'System' settings on Windows.
Risk Factor
Medium
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/3389
Nessus was able to negotiate non-NLA (Network Level Authentication) security.

57690 - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more
easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/3389
The terminal services encryption level is set to :
2. Medium
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/3389
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
e fields above are :
penSSL ciphername} Kx={key exchange} Au={authentication}

c={symmetric encryption method} Mac={message authentication code}
xport flag}
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
Plugin Information
Plugin Output
tcp/3389
192.168.100.126 1
Vulnerable connection combinations :
SSL/TLS version : TLSv1.0

Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)



192.168.100.126 2
30218 - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :
4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/3389
The terminal services encryption level is set to :
2. Medium (Client Compatible)

45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on
the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21
Plugin Output
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2012:r2
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/135
The following DCERPC services are available locally :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91

UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Named pipe : WMsgKRpc0B9B70
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000

UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Named pipe : WindowsShutdown

Named pipe : WMsgKRpc0B9B70
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Named pipe : LRPC-4b26e451201ce3c3e4
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : LSMApi

Named pipe : WMsgKRpc04F80312
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002

UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Annotation : Secure Desktop LRPC interface
Named pipe : WMsgKRpc04F80312
Object UUID : d5a9ac13-9ec0-4a6c-b79e-b0140f7f541d

UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Named pipe : LRPC-b8ce60480b45ec1309
Object UUID : fdbf47e9-34ba-42d4-8696-d5218cf5d96e

UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Dist [...]
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The following DCERPC services are available remotely :

Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN-N7M5O2USK55

Named pipe : \PIPE\InitShutdown
Object UUID : 00000000-0000-0000-0000-000000000000

Named pipe : \pipe\LSM_API_service
Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b

UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Annotation : RemoteAccessCheck
192.168.100.126 2
Named pipe : \pipe\lsass
Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da

Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Annotation : DfsDs service
Named pipe : \PIPE\wkssvc
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Named pipe : \PIPE\atsvc
O [...]
192.168.100.126 2
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1025
The following DCERPC services are available on TCP port 1025 :

TCP Port : 1025
IP : 192.168.100.126
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1026
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Annotation : Event log TCPIP
TCP Port : 1026
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Annotation : NRP server endpoint
TCP Port : 1026
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Annotation : DHCPv6 Client LRPC Endpoint
TCP Port : 1026
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Annotation : DHCP Client LRPC Endpoint
TCP Port : 1026
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Annotation : Wcm Service
TCP Port : 1026
IP : 192.168.100.126
192.168.100.126 2
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1027
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Annotation : IKE/Authip API
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Annotation : IP Transition Configuration endpoint
192.168.100.126 3
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Annotation : Proxy Manager provider server endpoint
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Annotation : Proxy Manager client server endpoint
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Annotation : Adh APIs
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Annotation : XactSrv service
TCP Port : 1027
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1 [...]
192.168.100.126 3
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1028
Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b

TCP Port : 1028
IP : 192.168.100.126
Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da

TCP Port : 1028
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 1028
IP : 192.168.100.126
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1029
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
TCP Port : 1029
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
TCP Port : 1029
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
TCP Port : 1029
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
TCP Port : 1029
IP : 192.168.100.126
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
TCP Port : 1029
IP : 192.168.100.126
192.168.100.126 3
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1030
Object UUID : 00000000-0000-0000-0000-000000000000

TCP Port : 1030
IP : 192.168.100.126
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/1036
Object UUID : 00000000-0000-0000-0000-000000000000

UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
TCP Port : 1036
IP : 192.168.100.126
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote device type : general-purpose

Confidence level : 99
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are
registered by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The following card manufacturers were identified :
B4:B5:2F:5F:9A:3C : Hewlett Packard

86420 - Ethernet MAC Addresses
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios)
and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and
uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The following is a consolidated list of detected MAC addresses:

- B4:B5:2F:5F:9A:3C
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is
set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based
authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The ICMP timestamps seem to be in little endian format (not in network format)
The remote clock is synchronized with the local clock.
117886 - Local Checks Not Enabled (info)
Synopsis
Local checks were not enabled.
Description
Nessus did not enable local checks on the remote host. This does not necessarily indicate a problem with the
scan. Credentials may not have been provided, local checks may not be available for the target, the target may
not have been identified, or another issue may have occurred that prevented local checks from being enabled.
See plugin output for details.
This plugin reports informational findings related to local checks not being enabled. For failure information, see
plugin 21745 :
'Authentication Failure - Local Checks Not Run'.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The following issues were reported :
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : No Credentials Provided
Message :
Credentials were not provided for detected SMB service.
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending
an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The remote Operating System is : Windows Server 2012 R2 Standard 9600

The remote native LAN manager is : Windows Server 2012 R2 Standard 6.3
The remote SMB Domain Name is : CLINICAISV
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/139
An SMB server is running on this port.

Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
A CIFS server is running on this port.

100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request
to port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The remote host supports the following versions of SMB :

SMBv1
SMBv2
106716 - Microsoft Windows SMB2 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 dialects running on the remote host by sending an authentication
request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The remote host supports the following SMB dialects :

_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
3.1.1 Windows 10
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Plugin Output
tcp/135
Port 135/tcp was found to be open

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/139

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/445

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1025

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1026

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1027

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1029

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1030

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/1036

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/5666

Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/6129

19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.

- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Information about this scan :
Nessus version : 8.6.0

Plugin feed version : 201909070030
Scanner edition used : Nessus Home
Scan type : Normal
Scan policy used : Advanced Scan
Scanner IP : 192.168.30.36
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2019/9/9 12:19 -03
Scan duration : 425 sec
43815 - NetBIOS Multiple IP Address Enumeration
Synopsis
The remote host is configured with multiple IP addresses.
Description
By sending a special NetBIOS query, Nessus was able to detect the use of multiple IP addresses on the remote
host. This indicates the host may be running virtualization software, a VPN client, or has multiple network
interfaces.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/137
The remote host appears to be using the following IP addresses :
- 192.168.100.126
- 169.254.36.160
10884 - Network Time Protocol (NTP) Server Detection
Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version,
current date, current time, and possibly system information.
See Also
http://www.ntp.org
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/123
An NTP service has been discovered, listening on port 123.
No sensitive information has been disclosed.
Version : unknown
110723 - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan
policy.
Description
Nessus was unable to execute credentialed checks because no credentials were provided.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
SMB was detected on port 445 but no credentials were provided.

SMB local checks were not enabled.
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the
name of the remote operating system in use. It is also possible sometimes to guess the version of the operating
system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote operating system : Microsoft Windows Server 2012 R2 Standard

Confidence level : 99
Method : MSRPC
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to [email protected]. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
NTP:!:unknown
SSLcert:!:i/CN:WIN-N7M5O2USK55.CLINICAISV.CLs/CN:WIN-N7M5O2USK55.CLINICAISV.CL
391c964aeac30f5c444790a141daefddd827bd25
The remote host is running Microsoft Windows Server 2012 R2 Standard

66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to
install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
. You need to take the following action :
[ SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read (126263) ]
+ Action to take : Upgrade to SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later.
66173 - RDP Screenshot
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a
screenshot of the login screen.
While this is not a vulnerability by itself, some versions of Windows display the names of the users who can
connect and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
It was possible to gather the following screenshot of the remote login screen.
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
This port supports TLSv1.0/TLSv1.1/TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
The host name known by Nessus is :
win-n7m5o2usk55
The Common Name in the certificate is :
win-n7m5o2usk55.clinicaisv.cl
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Subject Name:
Common Name: WIN-N7M5O2USK55.CLINICAISV.CL
Issuer Name:
Serial Number: 1F 63 4F 14 E7 ED 13 83 4B FC 3C 21 5B 52 13 3F
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jun 25 15:58:59 2019 GMT

Not Valid After: Dec 25 15:58:59 2019 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 88 0A 9A 2C 30 20 8B D1 35 56 F0 44 91 60 3D 51 53 00 EE
59 F1 57 07 8B 8C 43 1B BE 54 31 6D 69 9F ED 04 B3 EE 8E 02
55 89 A4 13 53 E5 02 31 DA EA E9 0B 5B EB 56 7F 19 57 80 D6
71 88 68 DB A9 42 F3 2B 41 95 7B 6C 81 49 BF 1A 31 2D D3 1A
5A 31 3B 7C CF 94 B1 4B 42 7B 8B B7 77 5A 59 DF 8D 1D 5A 5D
1D 4A A4 C9 92 56 FE 87 F7 5A 4C 1D 1C B8 2E 14 28 B4 56 1B
8B 05 98 72 4E 90 B5 0D 49 64 5D 91 D5 7D E7 41 3A 2F 68 58
EE 11 AD A4 9E 7D 6A 21 C8 0E D1 52 50 F4 F1 C5 33 9C 1C 0E
D1 61 7B 24 AF 18 1D 7D A2 52 41 85 11 91 C8 D8 12 6D 37 11
1B 40 21 F2 DD E5 31 68 90 90 A6 32 06 F7 EA 2A 79 94 2E 99
1B 57 56 75 02 12 56 12 99 D9 FB D0 20 64 E0 B5 A0 C1 C0 10
B1 E7 8B 5B 60 5F A7 4E FF 6A FE 42 79 79 5D B7 8D AB FC 5A
2B 12 0F 9E D0 E7 B1 EB 3F 67 AD 40 F5 E7 33 E1 C1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 60 AD 36 98 B7 20 2F EF A8 FE E7 C8 46 12 23 D0 38 52 97
B0 16 6B 39 A4 BC 86 00 CC E9 9A 64 F0 63 7C 23 92 A6 EE 92
F2 87 60 CD 35 1D 4E 6B AA 7D 7D 7F 00 B0 AB 5F 43 65 BE C1
D4 9F 21 DE AC 8D 80 3F B4 95 FB FE A1 D1 3D 8C 62 1E ED 13
87 65 27 7F 91 E7 81 7E 78 7D 9F 68 E6 C9 C9 3B AA 37 DF 88
BC AF 4D 3C 7B 21 76 38 11 F7 27 34 38 9A 96 36 E5 50 6D 15
A0 68 82 5A B0 8E 95 57 EA C5 7A 41 B3 6A B9 45 75 A4 2A 12
0A 0B 89 DF 29 1E A0 1A 5D 99 09 FB 26 FE 94 D0 B9 7B 88 8E
B7 F5 4E 0B 2F F1 DE 4E D5 1B 8C 3A 95 28 05 BE 86 89 46 D9
[...]
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL CBC ciphers supported by the remote server :
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
192.168.100.126 7
{OpenSSL ciphername} Kx={key exchange} Au={authentication}

Enc={symmetric encryption method} Mac={message authentication code}
{export flag}
192.168.100.126 7
21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL ciphers supported by the remote server :

Each group is reported per SSL Version.
SSL Version : TLSv12

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256

RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
192.168.100.126 7
SSL Version : TLSv11

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES [...]
192.168.100.126 7
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Here is the list of SSL PFS ciphers supported by the remote server :

{OpenSSL ciphername} Kx={key exchange}
192.168.100.126 7
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
192.168.100.126 7
51891 - SSL Session Resume Supported
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
This port supports resuming TLSv1 sessions.

96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends
that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB
versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is
unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users
disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-
in-windows-and
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by
blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 /
139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information
Plugin Output
tcp/445
The remote host supports SMBv1.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/5666
The service closed the connection without sending any data.

It might be protected by some sort of TCP wrapper.
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/6129
A dameware server is running on this port.

25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the
uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
TLSv1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.

TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM
cannot be used with TLS 1.1
PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal
is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
TLSv1.1 is enabled and the server supports at least one cipher.

64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389
Subject Name:
Issuer Name:
Serial Number: 1F 63 4F 14 E7 ED 13 83 4B FC 3C 21 5B 52 13 3F
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jun 25 15:58:59 2019 GMT

Not Valid After: Dec 25 15:58:59 2019 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 88 0A 9A 2C 30 20 8B D1 35 56 F0 44 91 60 3D 51 53 00 EE
59 F1 57 07 8B 8C 43 1B BE 54 31 6D 69 9F ED 04 B3 EE 8E 02
55 89 A4 13 53 E5 02 31 DA EA E9 0B 5B EB 56 7F 19 57 80 D6
71 88 68 DB A9 42 F3 2B 41 95 7B 6C 81 49 BF 1A 31 2D D3 1A
5A 31 3B 7C CF 94 B1 4B 42 7B 8B B7 77 5A 59 DF 8D 1D 5A 5D
1D 4A A4 C9 92 56 FE 87 F7 5A 4C 1D 1C B8 2E 14 28 B4 56 1B
8B 05 98 72 4E 90 B5 0D 49 64 5D 91 D5 7D E7 41 3A 2F 68 58
EE 11 AD A4 9E 7D 6A 21 C8 0E D1 52 50 F4 F1 C5 33 9C 1C 0E
D1 61 7B 24 AF 18 1D 7D A2 52 41 85 11 91 C8 D8 12 6D 37 11
1B 40 21 F2 DD E5 31 68 90 90 A6 32 06 F7 EA 2A 79 94 2E 99
1B 57 56 75 02 12 56 12 99 D9 FB D0 20 64 E0 B5 A0 C1 C0 10
B1 E7 8B 5B 60 5F A7 4E FF 6A FE 42 79 79 5D B7 8D AB FC 5A
2B 12 0F 9E D0 E7 B1 EB 3F 67 AD 40 F5 E7 33 E1 C1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 60 AD 36 98 B7 20 2F EF A8 FE E7 C8 46 12 23 D0 38 52 97
B0 16 6B 39 A4 BC 86 00 CC E9 9A 64 F0 63 7C 23 92 A6 EE 92
F2 87 60 CD 35 1D 4E 6B AA 7D 7D 7F 00 B0 AB 5F 43 65 BE C1
D4 9F 21 DE AC 8D 80 3F B4 95 FB FE A1 D1 3D 8C 62 1E ED 13
87 65 27 7F 91 E7 81 7E 78 7D 9F 68 E6 C9 C9 3B AA 37 DF 88
BC AF 4D 3C 7B 21 76 38 11 F7 27 34 38 9A 96 36 E5 50 6D 15
A0 68 82 5A B0 8E 95 57 EA C5 7A 41 B3 6A B9 45 75 A4 2A 12
0A 0B 89 DF 29 1E A0 1A 5D 99 09 FB 26 FE 94 D0 B9 7B 88 8E
B7 F5 4E 0B 2F F1 DE 4E D5 1B 8C 3A 95 28 05 BE 86 89 46 D9
[...]
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
For your information, here is the traceroute from 192.168.30.36 to 192.168.100.126 :

192.168.30.36
192.168.30.1
172.16.30.1
172.16.40.2
172.16.0.2
192.168.100.126
Hop Count: 5
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB
requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/137
The following 3 NetBIOS names have been gathered :
WIN-N7M5O2USK55 = Computer name

CLINICAISV = Workgroup / Domain name
WIN-N7M5O2USK55 = File Server Service
The remote host has the following MAC address on its adapter :
b4:b5:2f:5f:9a:3c
10940 - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user
on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote
host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in
remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Plugin Output
tcp/3389

Analisis WEB

Uploaded by

Copyright:

Available Formats

Analisis WEB

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Analisis WEB

Uploaded by

Copyright:

Available Formats

WEB

Report generated by Nessus™ Mon, 09 Sep 2019 12:26:22 -03

Start time: Mon Sep 9 12:19:03 2019

Netbios Name: WIN-N7M5O2USK55

It may be possible to get access to the remote host.

e key and use it for this attack.

CVSS Base Score

CVSS Temporal Score

Published: 2005/06/01, Modified: 2018/08/01

Signing is not required on the remote SMB server.

CVSS v3.0 Base Score

CVSS v3.0 Temporal Score

CVSS Base Score

CVSS Temporal Score

The SSL certificate for this service cannot be trusted.

Purchase or generate a proper certificate for this service.

CVSS v3.0 Base Score

CVSS Base Score

Published: 2010/12/15, Modified: 2018/11/15

The following certificate was at the top of the certificate

The SSL certificate for this service is for a different host.

Purchase or generate a proper certificate for this service.

CVSS v3.0 Base Score

CVSS Base Score

Published: 2010/04/03, Modified: 2017/06/05

The identities known by Nessus are :

The Common Name in the certificate is :

CVSS v3.0 Base Score

CVSS Base Score

Published: 2009/11/23, Modified: 2019/02/28

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername} Kx={key exchange} Au={authentication}

Purchase or generate a proper certificate for this service.

CVSS Base Score

Published: 2012/01/17, Modified: 2016/12/14

The following certificate was found at the top of the certificate

Upgrade to SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later.

CVSS v3.0 Base Score

CVSS Base Score

Published: 2019/06/27, Modified: 2019/06/27

CVSS v3.0 Base Score

CVSS Base Score

Published: 2012/03/23, Modified: 2019/08/20

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

The remote host is using weak cryptography.

Change RDP encryption level to one of :

CVSS Base Score

Published: 2012/01/25, Modified: 2019/08/20

The terminal services encryption level is set to :

The remote service supports the use of the RC4 cipher.

CVSS v3.0 Base Score

CVSS v3.0 Temporal Score

CVSS Base Score

CVSS Temporal Score

Published: 2013/04/05, Modified: 2019/07/23

List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

e fields above are :