How is QID 38142 - SSL Server Allows Anonymous Authentication Vulnerability detected?

Created by kb-author-1 on May 17, 2010 6:21 PM - Last modified by Joe Gregory on Dec 4, 2012 2:19 PM

Issue:

How is QID 38142 - SSL Server Allows Anonymous Authentication Vulnerability detected?

 

Solution:

The test for QID 38142 can be verified manually with the OpenSSL command-line client.

 

On a command line, type:

openssl s_client -connect TARGET_IP:PORT_NUMBER -cipher aNULL

 

Where TARGET_IP is the IP address of the host in question and PORT_NUMBER is the port listed in the scan report for this QID.

 

For mail servers (port 25 and others) that use STARTTLS, you will need to use:

openssl s_client -connect 192.168.10.10:25 -cipher aNULL -starttls smtp

 

If the result is an SSL handshake error similar to the example below, the host is not vulnerable:

-----[example]-----

CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

-----[/example]-----

 

However, if the connection is established and the SSL handshake information is displayed, the issue was successfully reproduced.  Please note that some vendors may allow the initial SSL connection with an anonymous cipher, but disallow the connection once the underlying service is exercised.
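
One way to script the manual check above and interpret its output, as an added example that is not part of the original article. The function names, verdict strings and sample transcripts are constructed for illustration; ADH-* and AECDH-* are the names OpenSSL gives to anonymous cipher suites.

```shell
#!/bin/sh
# Added example: classify the output of
#   openssl s_client -connect HOST:PORT -cipher aNULL

classify_anon_check() {
    # Reads s_client output on stdin and prints one verdict word.
    out=$(cat)
    # s_client reports the negotiated suite as "... Cipher is <NAME>".
    cipher=$(printf '%s\n' "$out" | sed -n 's/^.*Cipher is \([^ ]*\).*$/\1/p' | head -n 1)
    case "$cipher" in
        ADH-*|AECDH-*) echo "ANON_CIPHER_NEGOTIATED"; return 0 ;;
    esac
    if printf '%s\n' "$out" | grep -qi 'handshake failure'; then
        echo "NOT_VULNERABLE"      # the handshake error case from the article
    else
        echo "INCONCLUSIVE"        # e.g. connection refused, timeout
    fi
}

check_host() {
    # Usage: check_host HOST PORT [STARTTLS_PROTOCOL]   (hypothetical helper)
    # stdin is /dev/null so s_client exits right after the handshake.
    if [ -n "$3" ]; then
        openssl s_client -connect "$1:$2" -cipher aNULL -starttls "$3" </dev/null 2>&1
    else
        openssl s_client -connect "$1:$2" -cipher aNULL </dev/null 2>&1
    fi | classify_anon_check
}

# Constructed sample transcripts (the first repeats the article's example).
SAMPLE_FAIL='CONNECTED(00000003)
9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:'

SAMPLE_ANON='CONNECTED(00000003)
---
no peer certificate available
---
New, TLSv1/SSLv3, Cipher is ADH-AES256-SHA
---'
```

Call `check_host TARGET_IP PORT_NUMBER`, adding `smtp` as a third argument for STARTTLS mail servers. ANON_CIPHER_NEGOTIATED describes the handshake only; the service may still refuse the connection once it is exercised.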

 

Qualys Support KnowledgeBase

http://community.qualys.com/community/kb