Free Essay

Vulnerability Assess

In: Computers and Technology

Submitted By aser08
Words 29406
Pages 118
Nessus Report
Nessus Scan Report 24/Jan/2014:09:12:12
Nessus Home: Commercial use of the report is prohibited
Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the Nessus Feed in order to be compliant with our license agreement: http://www.tenable.com/products/nessus

Table Of Contents
Hosts Summary (Executive).................................................................................................4

•kupangkota.go.id..........................................................................................................................................................5
Vulnerabilities By Host......................................................................................................... 7

•kupangkota.go.id..........................................................................................................................................................8
Vulnerabilities By Plugin.....................................................................................................64

•51192 (6) - SSL Certificate Cannot Be Trusted....................................................................................................... 65 •57582 (6) - SSL Self-Signed Certificate................................................................................................................... 67 •54582 (2) - SMTP Service Cleartext Login Permitted.............................................................................................. 69 •34324 (1) - FTP Supports Clear Text Authentication............................................................................................... 70 •70658 (1) - SSH Server CBC Mode Ciphers Enabled............................................................................................. 71 •71049 (1) - SSH Weak MAC Algorithms Enabled....................................................................................................72 •11219 (21) - Nessus SYN scanner...........................................................................................................................73 •22964 (15) - Service Detection.................................................................................................................................75 •10863 (6) - SSL Certificate Information....................................................................................................................76 •50845 (6) - OpenSSL Detection............................................................................................................................... 81 •56984 (6) - SSL / TLS Versions Supported..............................................................................................................82 •62563 (6) - SSL Compression Methods Supported................................................................................................. 83 •10263 (3) - SMTP Server Detection......................................................................................................................... 85 •54580 (3) - SMTP Authentication Methods.............................................................................................................. 86 •10185 (2) - POP Server Detection........................................................................................................................... 87 •11002 (2) - DNS Server Detection........................................................................................................................... 88 •11414 (2) - IMAP Service Banner Retrieval............................................................................................................. 89 •24260 (2) - HyperText Transfer Protocol (HTTP) Information.................................................................................. 90 •59861 (2) - Remote web server screenshot.............................................................................................................91 •10028 (1) - DNS Server BIND version Directive Remote Version Disclosure.......................................................... 92 •10092 (1) - FTP Server Detection............................................................................................................................ 93 •10107 (1) - HTTP Server Type and Version............................................................................................................ 94 •10114 (1) - ICMP Timestamp Request Remote Date Disclosure.............................................................................95 •10267 (1) - SSH Server Type and Version Information........................................................................................... 96 •10287 (1) - Traceroute Information...........................................................................................................................97 •10881 (1) - SSH Protocol Versions Supported.........................................................................................................98 •10884 (1) - Network Time Protocol (NTP) Server Detection....................................................................................99 •11936 (1) - OS Identification...................................................................................................................................100 •12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution...................................................................... 101 •19506 (1) - Nessus Scan Information.....................................................................................................................102 •25220 (1) - TCP/IP Timestamps Supported........................................................................................................... 103 •35371 (1) - DNS Server hostname.bind Map Hostname Disclosure...................................................................... 104 •39520 (1) - Backported Security Patch Detection (SSH)....................................................................................... 105 •42085 (1) - IMAP Service STARTTLS Command Support.................................................................................... 106 •42087 (1) - POP3 Service STLS Command Support............................................................................................. 108 •42149 (1) - FTP Service AUTH TLS Command Support....................................................................................... 110 •43111 (1) - HTTP Methods Allowed (per directory)............................................................................................... 112 •45590 (1) - Common Platform Enumeration (CPE)................................................................................................113 •46180 (1) - Additional DNS Hostnames................................................................................................................. 114

•54615 (1) - Device Type......................................................................................................................................... 115 •70657 (1) - SSH Algorithms and Languages Supported........................................................................................ 116

Hosts Summary (Executive)

kupangkota.go.id Summary
Critical 0 High 0 Medium 2 Low 4 Info 35 Total 41

Details
Severity Medium (6.4) Medium (6.4) Low (2.6) Low (2.6) Low (2.6) Low (2.6) Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info Plugin Id 51192 57582 34324 54582 70658 71049 10028 10092 10107 10114 10185 10263 10267 10287 10863 10881 10884 11002 11219 11414 11936 12053 19506 22964 24260 25220 Name SSL Certificate Cannot Be Trusted SSL Self-Signed Certificate FTP Supports Clear Text Authentication SMTP Service Cleartext Login Permitted SSH Server CBC Mode Ciphers Enabled SSH Weak MAC Algorithms Enabled DNS Server BIND version Directive Remote Version Disclosure FTP Server Detection HTTP Server Type and Version ICMP Timestamp Request Remote Date Disclosure POP Server Detection SMTP Server Detection SSH Server Type and Version Information Traceroute Information SSL Certificate Information SSH Protocol Versions Supported Network Time Protocol (NTP) Server Detection DNS Server Detection Nessus SYN scanner IMAP Service Banner Retrieval OS Identification Host Fully Qualified Domain Name (FQDN) Resolution Nessus Scan Information Service Detection HyperText Transfer Protocol (HTTP) Information TCP/IP Timestamps Supported

5

Info Info Info Info Info Info Info Info Info Info Info Info Info Info Info

35371 39520 42085 42087 42149 43111 45590 46180 50845 54580 54615 56984 59861 62563 70657

DNS Server hostname.bind Map Hostname Disclosure Backported Security Patch Detection (SSH) IMAP Service STARTTLS Command Support POP3 Service STLS Command Support FTP Service AUTH TLS Command Support HTTP Methods Allowed (per directory) Common Platform Enumeration (CPE) Additional DNS Hostnames OpenSSL Detection SMTP Authentication Methods Device Type SSL / TLS Versions Supported Remote web server screenshot SSL Compression Methods Supported SSH Algorithms and Languages Supported

6

Vulnerabilities By Host

kupangkota.go.id Scan Information
Start time: End time: Fri Jan 24 09:12:13 2014 Fri Jan 24 09:39:24 2014

Host Information
DNS Name: IP: OS: kupangkota.go.id 192.163.229.190 Linux Kernel 3.10, Linux Kernel 3.5, Linux Kernel 3.8, Linux Kernel 3.9

Results Summary
Critical 0 High 0 Medium 12 Low 5 Info 98 Total 115

Results Details 0/icmp 10114 - ICMP Timestamp Request Remote Date Disclosure Synopsis
It is possible to determine the exact time set on the remote host.

Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Risk Factor
None

References
CVE XREF XREF CVE-1999-0524 OSVDB:94 CWE:200

Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18

Ports icmp/0
The difference between the local and remote clocks is -6 seconds.

0/tcp 25220 - TCP/IP Timestamps Supported Synopsis
The remote service implements TCP timestamps.

Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

See Also http://www.ietf.org/rfc/rfc1323.txt 8

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20

Ports tcp/0 12053 - Host Fully Qualified Domain Name (FQDN) Resolution Synopsis
It was possible to resolve the name of the remote host.

Description
Nessus was able to resolve the FQDN of the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28

Ports tcp/0
192.163.229.190 resolves as kupangkota.go.id.

46180 - Additional DNS Hostnames Synopsis
Potential virtual hosts have been detected.

Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name- based virtual hosts.

See Also http://en.wikipedia.org/wiki/Virtual_hosting Solution
If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]

Risk Factor
None

Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21

Ports tcp/0
The following hostnames point to the remote host: - genesis.bakatumu.com

11936 - OS Identification Synopsis
It is possible to guess the remote operating system.

Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

9

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2003/12/09, Modification date: 2013/09/03

Ports tcp/0
Remote operating system : Linux Kernel 3.10 Linux Kernel 3.5 Linux Kernel 3.8 Linux Kernel 3.9 Confidence Level : 59 Method : SinFP Not all fingerprints could give a match. If you think some or all of the following could be used to identify the host's operating system, please email them to os-signatures@nessus.org. Be sure to include a brief description of the host itself, such as the actual operating system or product / model names. HTTP:!:Server: Apache SinFP: P1:B10113:F0x12:W14600:O0204ffff:M1460: P2:B10113:F0x12:W14480:O0204ffff0402080affffffff4445414401030307:M1460: P3:B10120:F0x04:W0:O0:M0 P4:5202_7_p=2083R SMTP:!:220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:05 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. SSLcert:!:i/CN:genesis.bakatumu.comi/O:Unknowni/OU:Unknowns/CN:genesis.bakatumu.coms/O:Unknowns/ OU:Unknown 3554b0bbe44b5657970ae8164c40cab37cf60010 i/CN:genesis.bakatumu.comi/O:Unknowni/OU:Unknowns/CN:genesis.bakatumu.coms/O:Unknowns/OU:Unknown 3554b0bbe44b5657970ae8164c40cab37cf60010 SSH:!:SSH-2.0-OpenSSH_5.3

The remote host is running one of these operating systems : Linux Kernel 3.10 Linux Kernel 3.5 Linux Kernel 3.8 Linux Kernel 3.9

54615 - Device Type Synopsis
It is possible to guess the remote device type.

Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23

Ports tcp/0
Remote device type : general-purpose Confidence level : 59

10

45590 - Common Platform Enumeration (CPE) Synopsis
It is possible to enumerate CPE names that matched on the remote system.

Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also http://cpe.mitre.org/ Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/01/06

Ports tcp/0
The remote operating system matched the following CPE's : cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.5 cpe:/o:linux:linux_kernel:3.8 cpe:/o:linux:linux_kernel:3.9 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:5.3 -> OpenBSD cpe:/a:isc:bind:9.8.2rc1:redhat OpenSSH 5.3

19506 - Nessus Scan Information Synopsis
Information about the Nessus scan.

Description
This script displays, for each tested host, information about the scan itself : - The version of the plugin set - The type of scanner (Nessus or Nessus Home) - The version of the Nessus Engine - The port scanner(s) used - The port range scanned - Whether credentialed or third-party patch management checks are possible - The date of the scan - The duration of the scan - The number of hosts scanned in parallel - The number of checks done in parallel

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2005/08/26, Modification date: 2014/01/21

Ports tcp/0
Information about this scan :

11

Nessus version : 5.2.4 (Nessus 5.2.5 is available - consider upgrading) Plugin feed version : 201401221915 Scanner edition used : Nessus Home Scan policy used : FUll2 Scanner IP : 36.86.200.211 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes Credentialed checks : no Patch management checks : None CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : Detected Allow post-scan editing: Yes Scan Start Date : 2014/1/24 9:12 Scan duration : 1631 sec

0/udp 10287 - Traceroute Information Synopsis
It was possible to obtain traceroute information.

Description
Makes a traceroute to the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11

Ports udp/0
For your information, here is the traceroute from 36.86.200.211 to 192.163.229.190 : 36.86.200.211 36.86.192.1 180.250.20.33 180.240.193.14 180.240.193.13 180.240.192.6 198.32.176.20 72.52.92.70 184.105.223.158 66.160.133.118 199.58.199.118 69.195.64.46 192.163.229.190

21/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when

12

intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/21
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/21
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

13

34324 - FTP Supports Clear Text Authentication Synopsis
Authentication credentials might be intercepted.

Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF XREF CWE:522 CWE:523

Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25

Ports tcp/21
Although this FTP server supports 'AUTH TLS', it is not mandatory and USER and PASS may be sent without switching to TLS.

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/21
Port 21/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor 14

None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/21
An FTP server is running on this port.

10092 - FTP Server Detection Synopsis
An FTP server is listening on this port.

Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution
N/A

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08

Ports tcp/21
The remote FTP banner is : 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------220-You are user number 1 of 50 allowed. 220-Local time is now 09:15. Server port: 21. 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity.

42149 - FTP Service AUTH TLS Command Support Synopsis
The remote directory service supports encrypting traffic.

Description
The remote FTP service supports the use of the 'AUTH TLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc4217

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/15, Modification date: 2011/03/11

Ports tcp/21
Here is the FTP server's SSL certificate that Nessus was able to collect after sending a 'AUTH TLS' command : ------------------------------ snip -----------------------------Subject Name:

15

Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 01 3F 9E E9 FB Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:24 2013 GMT Not Valid After: Jul 12 07:53:24 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 DB CA D9 89 A2 A2 97 FF 73 4C 16 EA 1B 45 67 DB C3 9D 84 5E 98 34 F4 6D 3F 0C EE C0 98 D5 FD 71 D7 DE 19 01 53 E1 9A 0B 1D AC 5C 2F BB 19 2D 61 07 55 56 62 10 12 D7 B4 84 93 79 87 22 A0 AF 29 Exponent: 01 00 01

9A 34 7F 04 00 9D FB C9 33 4D 99 D4 97

FE F3 BC D9 4B 84 21 54 57 95 6B 2F 70

AB C2 4D 9B A6 25 FD 35 67 83 BA EF AB

0C 5B 32 27 E3 A1 84 23 4C C8 A0 23 61

AC 55 9C 7D BB 2E 58 63 08 5D 97 AA 57

35 84 95 B4 28 4E 23 59 D6 3D 77 C4 34

9D 36 50 F4 EF DA 5F 6C 49 1E 87 CD 1B

74 AC DB FC C4 6B 43 4B 87 41 8E 05 9C

A5 20 FC C2 3B 5E 97 93 A3 E2 44 DF 3C

F2 C5 11 E2 82 4A 86 48 1E AF 2C D4 25

CC 9E 4C AF B6 44 C4 69 3E 89 2E DC B5

28 D4 8A D1 C7 83 C2 00 A9 BB E1 58 DB

8C 90 43 4C 35 EC B8 D3 40 D9 42 4A

F0 22 72 C7 8F 05 1E 42 77 DE 22 09

1C A1 00 73 81 3A 1B 18 E6 73 FB CC

Signature Length: 256 bytes / 2048 Signature: 00 88 F8 F2 B3 95 BC FA DF EC 48 72 4A C4 74 00 7F 78 12 C4 9B C7 06 54 FF 88 02 3 [...]

bits A2 41 BC 49 20 EC E0 04 EB 00 95 AC F7 0F 83 95 45 FD EF FF 40 4B 57 37 38 3B 12 BE 07 9B 1D 8A 6F 4B 6C F2

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/21
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

16

50845 - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports tcp/21 10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/21
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 01 3F 9E E9 FB Version: 3 Signature Algorithm: SHA-1 With RSA Encryption

17

Not Valid Before: Jul 12 07:53:24 2013 GMT Not Valid After: Jul 12 07:53:24 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 DB CA D9 89 A2 A2 97 FF 73 4C 16 EA 1B 45 67 DB C3 9D 84 5E 98 34 F4 6D 3F 0C EE C0 98 D5 FD 71 D7 DE 19 01 53 E1 9A 0B 1D AC 5C 2F BB 19 2D 61 07 55 56 62 10 12 D7 B4 84 93 79 87 22 A0 AF 29 Exponent: 01 00 01

9A 34 7F 04 00 9D FB C9 33 4D 99 D4 97

FE F3 BC D9 4B 84 21 54 57 95 6B 2F 70

AB C2 4D 9B A6 25 FD 35 67 83 BA EF AB

0C 5B 32 27 E3 A1 84 23 4C C8 A0 23 61

AC 55 9C 7D BB 2E 58 63 08 5D 97 AA 57

35 84 95 B4 28 4E 23 59 D6 3D 77 C4 34

9D 36 50 F4 EF DA 5F 6C 49 1E 87 CD 1B

74 AC DB FC C4 6B 43 4B 87 41 8E 05 9C

A5 20 FC C2 3B 5E 97 93 A3 E2 44 DF 3C

F2 C5 11 E2 82 4A 86 48 1E AF 2C D4 25

CC 9E 4C AF B6 44 C4 69 3E 89 2E DC B5

28 D4 8A D1 C7 83 C2 00 A9 BB E1 58 DB

8C 90 43 4C 35 EC B8 D3 40 D9 42 4A

F0 22 72 C7 8F 05 1E 42 77 DE 22 09

1C A1 00 73 81 3A 1B 18 E6 73 FB CC

Signature Length: 256 bytes / 2048 Signature: 00 88 F8 F2 B3 95 BC FA DF EC 48 72 4A C4 74 00 7F 78 12 C4 9B C7 06 54 FF 88 02 37 75 B6 71 F0 74 C2 DB B6 A9 D6 31 65 ED BC 1E 6F 28 BC DC ED

bits A2 41 F7 0F 38 3B 67 82 67 95 70 37

BC 83 12 C1 24 3A

49 95 BE 77 27 68

20 45 07 95 C2 F7

EC FD 9B A1 14 EC

E0 EF 1D 43 9A 64

04 EB 00 FF 40 4B 8A 6F 4B 04 85 AA 02 9F 16 [...]

95 57 6C FF 46

AC 37 F2 45 71

62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/21
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

22/tcp 70658 - SSH Server CBC Mode Ciphers Enabled Synopsis
The SSH server is configured to use Cipher Block Chaining.

Description

18

The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Temporal Score
1.9 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
BID CVE XREF XREF XREF XREF 32319 CVE-2008-5161 OSVDB:50035 OSVDB:50036 CERT:958563 CWE:200

Plugin Information:
Publication date: 2013/10/28, Modification date: 2013/10/28

Ports tcp/22
The following client-to-server Cipher Block Chaining (CBC) algorithms are supported : 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The following server-to-client Cipher Block Chaining (CBC) algorithms are supported : 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se

71049 - SSH Weak MAC Algorithms Enabled Synopsis
SSH is configured to allow MD5 and 96-bit MAC algorithms.

Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

19

Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2013/11/22, Modification date: 2013/11/23

Ports tcp/22
The following client-to-server Method Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96 The following server-to-client Method Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/22
Port 22/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

20

Ports tcp/22
An SSH server is running on this port.

10267 - SSH Server Type and Version Information Synopsis
An SSH server is listening on this port.

Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/10/24

Ports tcp/22
SSH version : SSH-2.0-OpenSSH_5.3 SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password

70657 - SSH Algorithms and Languages Supported Synopsis
An SSH server is listening on this port.

Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2013/10/28, Modification date: 2013/12/19

Ports tcp/22
Nessus negotiated the following encryption algorithm with the server : aes128-cbc The server supports the following options for kex_algorithms : diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 The server supports the following options for server_host_key_algorithms : ssh-dss ssh-rsa The server supports the following options for encryption_algorithms_client_to_server : 3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc

21

aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The server supports the following options for encryption_algorithms_server_to_client : 3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The server supports the following options for mac_algorithms_client_to_server : hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64@openssh.com The server supports the following options for mac_algorithms_server_to_client : hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64@openssh.com The server supports the following options for compression_algorithms_client_to_server : none zlib@openssh.com The server supports the following options for compression_algorithms_server_to_client : none zlib@openssh.com

10881 - SSH Protocol Versions Supported Synopsis
A SSH server is running on the remote host.

Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2002/03/06, Modification date: 2013/10/21

22

Ports tcp/22
The remote SSH daemon supports the following versions of the SSH protocol : - 1.99 - 2.0

SSHv2 host key fingerprint : 27:5b:ae:da:a9:c9:17:f9:27:6e:d5:6e:46:d6:d0:21

39520 - Backported Security Patch Detection (SSH) Synopsis
Security patches are backported.

Description
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem.

See Also http://www.nessus.org/u?d636c8c7 Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/06/25, Modification date: 2013/04/03

Ports tcp/22
Give Nessus credentials to perform local checks.

25/tcp 54582 - SMTP Service Cleartext Login Permitted Synopsis
The remote mail server allows cleartext logins.

Description
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Configure the service to support less secure authentication mechanisms only over an encrypted channel.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/09/15

Ports tcp/25 23

The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : PLAIN, LOGIN Cleartext methods : PLAIN, LOGIN

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/25
Port 25/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/25
An SMTP server is running on this port.

10263 - SMTP Server Detection Synopsis
An SMTP server is listening on the remote port.

Description
The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.

Solution
Disable this service if you do not use it, or filter incoming traffic to this port.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

24

Ports tcp/25
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:05 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.

54580 - SMTP Authentication Methods Synopsis
The remote mail server supports authentication.

Description
The remote SMTP server advertises that it supports authentication.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Review the list of methods and whether they're available over an encrypted channel.

Risk Factor
None

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/06/29

Ports tcp/25
The following authentication methods are advertised by the SMTP server without encryption : LOGIN PLAIN

53/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/53
Port 53/tcp was found to be open

11002 - DNS Server Detection Synopsis
A DNS server is listening on the remote host.

Description

25

The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also http://en.wikipedia.org/wiki/Domain_Name_System Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor
None

Plugin Information:
Publication date: 2003/02/13, Modification date: 2013/05/07

Ports tcp/53 53/udp 11002 - DNS Server Detection Synopsis
A DNS server is listening on the remote host.

Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also http://en.wikipedia.org/wiki/Domain_Name_System Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor
None

Plugin Information:
Publication date: 2003/02/13, Modification date: 2013/05/07

Ports udp/53 10028 - DNS Server BIND version Directive Remote Version Disclosure Synopsis
It is possible to obtain the version number of the remote DNS server.

Description
The remote host is running BIND or another DNS server that reports its version number when it receives a special request, for the text 'version.bind' in the domain 'chaos'. This version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.

Solution
It is possible to hide the version number of bind by using the 'version' directive in the 'options' section in named.conf

Risk Factor
None

References
XREF OSVDB:23

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/05/24

Ports udp/53

26

The version of the remote DNS server is : 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1

35371 - DNS Server hostname.bind Map Hostname Disclosure Synopsis
The DNS server discloses the remote host name.

Description
It is possible to learn the remote host name by querying the remote DNS server for 'hostname.bind' in the CHAOS domain.

Solution
It may be possible to disable this feature. Consult the vendor's documentation for more information.

Risk Factor
None

Plugin Information:
Publication date: 2009/01/15, Modification date: 2011/09/14

Ports udp/53
The remote host name is : genesis.bakatumu.com

80/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/80
Port 80/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:

27

Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/80
A web server is running on this port.

24260 - HyperText Transfer Protocol (HTTP) Information Synopsis
Some information about the remote HTTP configuration can be extracted.

Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31

Ports tcp/80
Protocol version : HTTP/1.1 SSL : no Keep-Alive : yes Options allowed : (Not implemented) Headers : Date: Fri, 24 Jan 2014 01:23:18 GMT Server: Apache X-Pingback: http://kupangkota.go.id/xmlrpc.php Link: ; rel=shortlink Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

59861 - Remote web server screenshot Synopsis
It was possible to take a 'screenshot' of the remote web server.

Description
This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11

Ports tcp/80
It was possible to gather the following screenshot of the remote web site.

110/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis

28

The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/110
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/110 29

The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/110
Port 110/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/110
A POP3 server is running on this port.

10185 - POP Server Detection Synopsis
A POP server is listening on the remote port.

Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.

See Also http://en.wikipedia.org/wiki/Post_Office_Protocol Solution
Disable this service if you do not use it.

Risk Factor

30

None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Ports tcp/110
Remote POP server banner : +OK Dovecot ready.

42087 - POP3 Service STLS Command Support Synopsis
The remote mail service supports encrypting traffic.

Description
The remote POP3 service supports the use of the 'STLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc2595

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/09, Modification date: 2011/03/10

Ports tcp/110
Here is the POP3 server's SSL certificate that Nessus was able to collect after sending a 'STLS' command : ------------------------------ snip -----------------------------Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT

31

Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C E [...]

bits C3 18 1D F5 AB ED 2A 9D 62 2F 9A FE F5 DB E7 5D F5 22 6B DD 0A F8 E0 A9 CB 72 0E DE 8E D7 1A 13 3B 02 FC DF

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/110
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

50845 - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports 32

tcp/110 10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/110
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21

bits C3 18 F5 DB CB 72 F3 07

1D E7 0E 75

F5 5D DE 00

AB F5 8E AA

ED 22 D7 CA

2A 6B 1A 14

9D DD 13 0A

62 0A 3B C6

2F F8 02 4D

9A E0 FC 23

FE A9 DF 62

33

A2 C4 53 74 CB 04 BA CA C8 BC 5D CD 51 DC 7D EE B1 85 E6 B5 BF DE E8 E5 1D 32 6D 9E BF 85 64 69 C6 2C 59 [...]

62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/110
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

123/udp 10884 - Network Time Protocol (NTP) Server Detection Synopsis
An NTP server is listening on the remote host.

Description
An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2002/03/13, Modification date: 2011/03/11

Ports udp/123 143/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when

34

intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/143
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/143
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

35

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/143
Port 143/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/143
An IMAP server is running on this port.

11414 - IMAP Service Banner Retrieval Synopsis
An IMAP server is running on the remote host.

Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2003/03/18, Modification date: 2011/03/16

Ports tcp/143
The remote imap server banner is : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

36

42085 - IMAP Service STARTTLS Command Support Synopsis
The remote mail service supports encrypting traffic.

Description
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc2595

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/09, Modification date: 2011/03/10

Ports tcp/143
Here is the IMAP server's SSL certificate that Nessus was able to collect after sending a 'STARTTLS' command : ------------------------------ snip -----------------------------Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59

EE FC A1 42 FB B3 FC B9 AF

72 20 CA B4 6B 2E DD 2F EB

8B 77 94 C3 39 84 A9 3F 31

A1 C1 91 EF 85 7D C1 1F 2A

E2 F5 2C 8C 03 37 46 E8 E4

68 54 99 F2 B6 B7 E9 CD F0

40 B8 16 54 CE 13 EE ED C4

A1 88 4F A8 11 DC 0D A6 F9

A8 1C 20 FF 43 71 10 E8 63

B4 9B B1 2D A9 56 FD DA 80

A6 8C 7F C1 59 09 21 ED 31

08 71 62 21 07 B1 43 1F CE

41 5F FE 5B 72 FC 4D 89 33

0F 3C 89 CF 81 3F 74 ED C5

E8 16 41 BE 1B 84 2A C9 15

37

6E 8D 4E D2 45 95 AA C6 A9 D5 AF BC Exponent: 01 00 01

97 15 AF 85

B2 9B 26 22

53 0C 7C C8

F4 30 B6 B2

2B C3 68 C5

78 88 D2 5A

CB 05 7B 59

55 E5 0D D0

BC 7A F5 7E

24 2B BF DB

2E 48 0F BF

21 9D 13 29

F0 06 06 5F

E7 E3 40 EA 4D 6B 36 61 C2 92 94 33 03

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B [...]

bits C3 18 1D F5 AB ED 2A 9D 62 2F 9A FE F5 DB E7 5D F5 22 6B DD 0A F8 E0 A9 CB 72 0E DE 8E D7 1A 13 3B 02 FC DF

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/143
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

50845 - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports tcp/143 62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml 38

http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/143
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/143
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT

39

Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

443/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/443
Port 443/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/443 40

A web server is running on this port.

43111 - HTTP Methods Allowed (per directory) Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.

Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09

Ports tcp/443
Based on the response to an OPTIONS request : - HTTP methods GET HEAD OPTIONS POST are allowed on : /

10107 - HTTP Server Type and Version Synopsis
A web server is running on the remote host.

Description
This plugin attempts to determine the type and the version of the remote web server.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/12/03

Ports tcp/443
The remote web server type is : Apache and the 'ServerTokens' directive is ProductOnly Apache does not offer a way to hide the server type.

24260 - HyperText Transfer Protocol (HTTP) Information Synopsis
Some information about the remote HTTP configuration can be extracted.

Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution 41

n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31

Ports tcp/443
Protocol version : HTTP/1.1 SSL : no Keep-Alive : yes Options allowed : (Not implemented) Headers : Date: Fri, 24 Jan 2014 01:23:23 GMT Server: Apache Last-Modified: Wed, 17 Jul 2013 16:05:26 GMT Accept-Ranges: bytes Content-Length: 111 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html

59861 - Remote web server screenshot Synopsis
It was possible to take a 'screenshot' of the remote web server.

Description
This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11

Ports tcp/443
It was possible to gather the following screenshot of the remote web site.

465/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

42

If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/465
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/465
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

43

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/465
Port 465/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/465
A TLSv1 server answered on this port.

tcp/465
An SMTP server is running on this port through TLSv1.

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/465
A TLSv1 server answered on this port.

tcp/465
An SMTP server is running on this port through TLSv1.

10263 - SMTP Server Detection Synopsis

44

An SMTP server is listening on the remote port.

Description
The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.

Solution
Disable this service if you do not use it, or filter incoming traffic to this port.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Ports tcp/465
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:15:15 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. 500 unrecognized command 500 unrecognized command

54580 - SMTP Authentication Methods Synopsis
The remote mail server supports authentication.

Description
The remote SMTP server advertises that it supports authentication.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Review the list of methods and whether they're available over an encrypted channel.

Risk Factor
None

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/06/29

Ports tcp/465
The following authentication methods are advertised by the SMTP server with encryption : LOGIN PLAIN

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor

45

None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/465
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

50845 - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports tcp/465 62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/465
Nessus was able to confirm that the following compression method is supported by the target :

46

NULL (0x00)

10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/465
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 02 0E 3D 9E 32 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:27 2013 GMT Not Valid After: Jul 12 07:53:27 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 B3 CD 0A 57 D0 56 DA 7A 81 86 6C BD 58 7B 31 53 DB E3 91 4B 17 7F 56 DC 2D 69 0D 27 2A 20 FF 4F 55 6C A4 5F 26 DD DF ED AC 20 A2 B8 2F 63 5F 99 3B 46 F9 05 D5 CB E2 05 8E B6 86 B7 21 FB 00 8E Exponent: 01 00 01

BB 80 0D 66 C1 A4 5B 9D 1F E4 69 EB D4

F6 55 70 39 24 F3 01 D0 5C 32 36 6E 32

95 C6 92 A8 09 22 67 F1 03 17 44 13 9B

AE 26 52 A8 4A B1 2D 47 D7 22 6D 5C AD

AC 65 42 F1 67 86 87 0B D0 3B FB 58 5E

52 DE 55 FA 18 6A 65 C6 D9 62 D9 20 3F

CA E2 9E BB 88 55 54 B9 99 51 D3 4F 69

86 26 CE B5 E2 DB 6E 89 A2 F3 1A C2 6E

56 9C E6 2E 7A 28 F6 FA 0A B8 F9 4B 7E

08 96 0A D8 8F E8 51 5C C0 47 73 97 29

FB 3F F9 0E 86 AF 53 B9 61 AF 2B DB 65

83 F5 AA 2C F3 51 06 03 68 1A 54 71 C3

4E 7B A9 9B 93 A8 99 85 4D 22 60 B4

F4 79 EF BD 89 F5 BD 26 C1 DC 98 97

54 EE E3 7B 91 43 BB B7 07 DE 10 FF

Signature Length: 256 bytes / 2048 Signature: 00 16 EF FE 12 43 68 3D DB 25 45 10 DA 2C 64 5A BC 3F C5 B4 FE CA 4A BF C3 AE 5E D9 66 74 11 FB

bits D0 C0 E0 80 E1 31 43 81

42 B2 C0 C1

CB 81 BC FD

DA B2 78 95

71 62 A5 BC

21 AD E0 57

69 3C 5C 66

8B B1 91 6C

8D 2E 74 B5

EA 1A D0 82

85 3E DD BC

47

ED 99 CA 6B 7E D9 47 E1 0A 13 A3 C3 A4 0A 1C 31 16 4A 43 6D C1 48 C4 A0 22 41 07 01 51 DC DB E4 A6 8C 5A [...]

587/tcp 54582 - SMTP Service Cleartext Login Permitted Synopsis
The remote mail server allows cleartext logins.

Description
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Configure the service to support less secure authentication mechanisms only over an encrypted channel.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/09/15

Ports tcp/587
The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : PLAIN, LOGIN Cleartext methods : PLAIN, LOGIN

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/587
Port 587/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description

48

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/587
An SMTP server is running on this port.

10263 - SMTP Server Detection Synopsis
An SMTP server is listening on the remote port.

Description
The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.

Solution
Disable this service if you do not use it, or filter incoming traffic to this port.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Ports tcp/587
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:08 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.

54580 - SMTP Authentication Methods Synopsis
The remote mail server supports authentication.

Description
The remote SMTP server advertises that it supports authentication.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Review the list of methods and whether they're available over an encrypted channel.

Risk Factor
None

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/06/29

Ports tcp/587

49

The following authentication methods are advertised by the SMTP server without encryption : LOGIN PLAIN

993/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/993
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score 50

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/993
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/993
Port 993/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/993
A TLSv1 server answered on this port.

tcp/993
An IMAP server is running on this port through TLSv1.

22964 - Service Detection Synopsis
The remote service could be identified.

Description

51

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/993
A TLSv1 server answered on this port.

tcp/993
An IMAP server is running on this port through TLSv1.

11414 - IMAP Service Banner Retrieval Synopsis
An IMAP server is running on the remote host.

Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2003/03/18, Modification date: 2011/03/16

Ports tcp/993
The remote imap server banner is : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. GET BAD Error in IMAP command received by server. * BAD Error in IMAP command received by server.

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/993
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

50845 - OpenSSL Detection Synopsis 52

The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports tcp/993 62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/993
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor 53

None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/993
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

995/tcp 51192 - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.

54

First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Ports tcp/995
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

57582 - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Ports tcp/995
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :

55

|-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/995
Port 995/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/995
A POP3 server is running on this port through TLSv1.

tcp/995
A TLSv1 server answered on this port.

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports 56

tcp/995
A POP3 server is running on this port through TLSv1.

tcp/995
A TLSv1 server answered on this port.

10185 - POP Server Detection Synopsis
A POP server is listening on the remote port.

Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.

See Also http://en.wikipedia.org/wiki/Post_Office_Protocol Solution
Disable this service if you do not use it.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Ports tcp/995
Remote POP server banner : +OK Dovecot ready.

56984 - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Ports tcp/995
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

50845 - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also

57

http://www.openssl.org

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Ports tcp/995 62563 - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Ports tcp/995
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

10863 - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Ports tcp/995
Subject Name:

58

Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

2077/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:

59

Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2077
Port 2077/tcp was found to be open

2078/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2078
Port 2078/tcp was found to be open

2082/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2082
Port 2082/tcp was found to be open

2083/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor 60

None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2083
Port 2083/tcp was found to be open

2086/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2086
Port 2086/tcp was found to be open

2087/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2087
Port 2087/tcp was found to be open

2095/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution 61

Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2095
Port 2095/tcp was found to be open

2096/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/2096
Port 2096/tcp was found to be open

3306/tcp 11219 - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Ports tcp/3306
Port 3306/tcp was found to be open

22964 - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

62

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Ports tcp/3306
A MySQL server is running on this port.

63

Vulnerabilities By Plugin

51192 (6) - SSL Certificate Cannot Be Trusted Synopsis
The SSL certificate for this service cannot be trusted.

Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted. First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority. Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize. If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the- middle attack against the remote host.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2010/12/15, Modification date: 2012/10/25

Hosts kupangkota.go.id (tcp/21)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/110)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/143)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/465) 65

The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/993)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/995)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com |-Issuer : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

66

57582 (6) - SSL Self-Signed Certificate Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Solution
Purchase or generate a proper certificate for this service.

Risk Factor
Medium

CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25

Hosts kupangkota.go.id (tcp/21)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/110)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/143)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/465)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/993)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :

67

|-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

kupangkota.go.id (tcp/995)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=genesis.bakatumu.com/ E=ssl@genesis.bakatumu.com

68

54582 (2) - SMTP Service Cleartext Login Permitted Synopsis
The remote mail server allows cleartext logins.

Description
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Configure the service to support less secure authentication mechanisms only over an encrypted channel.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/09/15

Hosts kupangkota.go.id (tcp/25)
The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : PLAIN, LOGIN Cleartext methods : PLAIN, LOGIN

kupangkota.go.id (tcp/587)
The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : PLAIN, LOGIN Cleartext methods : PLAIN, LOGIN

69

34324 (1) - FTP Supports Clear Text Authentication Synopsis
Authentication credentials might be intercepted.

Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF XREF CWE:522 CWE:523

Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25

Hosts kupangkota.go.id (tcp/21)
Although this FTP server supports 'AUTH TLS', it is not mandatory and USER and PASS may be sent without switching to TLS.

70

70658 (1) - SSH Server CBC Mode Ciphers Enabled Synopsis
The SSH server is configured to use Cipher Block Chaining.

Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Temporal Score
1.9 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
BID CVE XREF XREF XREF XREF 32319 CVE-2008-5161 OSVDB:50035 OSVDB:50036 CERT:958563 CWE:200

Plugin Information:
Publication date: 2013/10/28, Modification date: 2013/10/28

Hosts kupangkota.go.id (tcp/22)
The following client-to-server Cipher Block Chaining (CBC) algorithms are supported : 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The following server-to-client Cipher Block Chaining (CBC) algorithms are supported : 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se

71

71049 (1) - SSH Weak MAC Algorithms Enabled Synopsis
SSH is configured to allow MD5 and 96-bit MAC algorithms.

Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.

Risk Factor
Low

CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2013/11/22, Modification date: 2013/11/23

Hosts kupangkota.go.id (tcp/22)
The following client-to-server Method Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96 The following server-to-client Method Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96

72

11219 (21) - Nessus SYN scanner Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/10/15

Hosts kupangkota.go.id (tcp/21)
Port 21/tcp was found to be open

kupangkota.go.id (tcp/22)
Port 22/tcp was found to be open

kupangkota.go.id (tcp/25)
Port 25/tcp was found to be open

kupangkota.go.id (tcp/53)
Port 53/tcp was found to be open

kupangkota.go.id (tcp/80)
Port 80/tcp was found to be open

kupangkota.go.id (tcp/110)
Port 110/tcp was found to be open

kupangkota.go.id (tcp/143)
Port 143/tcp was found to be open

kupangkota.go.id (tcp/443)
Port 443/tcp was found to be open

kupangkota.go.id (tcp/465)
Port 465/tcp was found to be open

kupangkota.go.id (tcp/587)
Port 587/tcp was found to be open

kupangkota.go.id (tcp/993)
Port 993/tcp was found to be open

kupangkota.go.id (tcp/995)
Port 995/tcp was found to be open

kupangkota.go.id (tcp/2077)
Port 2077/tcp was found to be open

kupangkota.go.id (tcp/2078)
Port 2078/tcp was found to be open

kupangkota.go.id (tcp/2082)
Port 2082/tcp was found to be open

kupangkota.go.id (tcp/2083)

73

Port 2083/tcp was found to be open

kupangkota.go.id (tcp/2086)
Port 2086/tcp was found to be open

kupangkota.go.id (tcp/2087)
Port 2087/tcp was found to be open

kupangkota.go.id (tcp/2095)
Port 2095/tcp was found to be open

kupangkota.go.id (tcp/2096)
Port 2096/tcp was found to be open

kupangkota.go.id (tcp/3306)
Port 3306/tcp was found to be open

74

22964 (15) - Service Detection Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/01/22

Hosts kupangkota.go.id (tcp/21)
An FTP server is running on this port.

kupangkota.go.id (tcp/22)
An SSH server is running on this port.

kupangkota.go.id (tcp/25)
An SMTP server is running on this port.

kupangkota.go.id (tcp/80)
A web server is running on this port.

kupangkota.go.id (tcp/110)
A POP3 server is running on this port.

kupangkota.go.id (tcp/143)
An IMAP server is running on this port.

kupangkota.go.id (tcp/443)
A web server is running on this port.

kupangkota.go.id (tcp/465)
A TLSv1 server answered on this port.

kupangkota.go.id (tcp/465)
An SMTP server is running on this port through TLSv1.

kupangkota.go.id (tcp/587)
An SMTP server is running on this port.

kupangkota.go.id (tcp/993)
A TLSv1 server answered on this port.

kupangkota.go.id (tcp/993)
An IMAP server is running on this port through TLSv1.

kupangkota.go.id (tcp/995)
A POP3 server is running on this port through TLSv1.

kupangkota.go.id (tcp/995)
A TLSv1 server answered on this port.

kupangkota.go.id (tcp/3306)
A MySQL server is running on this port.

75

10863 (6) - SSL Certificate Information Synopsis
This plugin displays the SSL certificate.

Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02

Hosts kupangkota.go.id (tcp/21)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 01 3F 9E E9 FB Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:24 2013 GMT Not Valid After: Jul 12 07:53:24 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 DB CA D9 89 A2 A2 97 FF 73 4C 16 EA 1B 45 67 DB C3 9D 84 5E 98 34 F4 6D 3F 0C EE C0 98 D5 FD 71 D7 DE 19 01 53 E1 9A 0B 1D AC 5C 2F BB 19 2D 61 07 55 56 62 10 12 D7 B4 84 93 79 87 22 A0 AF 29 Exponent: 01 00 01

9A 34 7F 04 00 9D FB C9 33 4D 99 D4 97

FE F3 BC D9 4B 84 21 54 57 95 6B 2F 70

AB C2 4D 9B A6 25 FD 35 67 83 BA EF AB

0C 5B 32 27 E3 A1 84 23 4C C8 A0 23 61

AC 55 9C 7D BB 2E 58 63 08 5D 97 AA 57

35 84 95 B4 28 4E 23 59 D6 3D 77 C4 34

9D 36 50 F4 EF DA 5F 6C 49 1E 87 CD 1B

74 AC DB FC C4 6B 43 4B 87 41 8E 05 9C

A5 20 FC C2 3B 5E 97 93 A3 E2 44 DF 3C

F2 C5 11 E2 82 4A 86 48 1E AF 2C D4 25

CC 9E 4C AF B6 44 C4 69 3E 89 2E DC B5

28 D4 8A D1 C7 83 C2 00 A9 BB E1 58 DB

8C 90 43 4C 35 EC B8 D3 40 D9 42 4A

F0 22 72 C7 8F 05 1E 42 77 DE 22 09

1C A1 00 73 81 3A 1B 18 E6 73 FB CC

Signature Length: 256 bytes / 2048 Signature: 00 88 F8 F2 B3 95 BC FA DF EC 48 72 4A C4 74 00 7F 78 12 C4 9B C7 06 54

bits A2 41 BC 49 20 EC E0 04 EB 00 95 AC F7 0F 83 95 45 FD EF FF 40 4B 57 37 38 3B 12 BE 07 9B 1D 8A 6F 4B 6C F2

76

FF 88 02 37 75 B6 71 F0 67 82 C1 77 95 A1 43 04 85 AA FF 45 74 C2 DB B6 A9 D6 31 65 67 95 24 27 C2 14 9A 02 9F 16 46 71 ED BC 1E 6F 28 BC DC ED 70 37 3A 68 F7 EC 64 [...]

kupangkota.go.id (tcp/110)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

kupangkota.go.id (tcp/143)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US

77

State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

kupangkota.go.id (tcp/465)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 02 0E 3D 9E 32 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:27 2013 GMT Not Valid After: Jul 12 07:53:27 2014 GMT Public Key Info:

78

Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 B3 CD 0A 57 D0 56 DA 7A 81 86 6C BD 58 7B 31 53 DB E3 91 4B 17 7F 56 DC 2D 69 0D 27 2A 20 FF 4F 55 6C A4 5F 26 DD DF ED AC 20 A2 B8 2F 63 5F 99 3B 46 F9 05 D5 CB E2 05 8E B6 86 B7 21 FB 00 8E Exponent: 01 00 01

BB 80 0D 66 C1 A4 5B 9D 1F E4 69 EB D4

F6 55 70 39 24 F3 01 D0 5C 32 36 6E 32

95 C6 92 A8 09 22 67 F1 03 17 44 13 9B

AE 26 52 A8 4A B1 2D 47 D7 22 6D 5C AD

AC 65 42 F1 67 86 87 0B D0 3B FB 58 5E

52 DE 55 FA 18 6A 65 C6 D9 62 D9 20 3F

CA E2 9E BB 88 55 54 B9 99 51 D3 4F 69

86 26 CE B5 E2 DB 6E 89 A2 F3 1A C2 6E

56 9C E6 2E 7A 28 F6 FA 0A B8 F9 4B 7E

08 96 0A D8 8F E8 51 5C C0 47 73 97 29

FB 3F F9 0E 86 AF 53 B9 61 AF 2B DB 65

83 F5 AA 2C F3 51 06 03 68 1A 54 71 C3

4E 7B A9 9B 93 A8 99 85 4D 22 60 B4

F4 79 EF BD 89 F5 BD 26 C1 DC 98 97

54 EE E3 7B 91 43 BB B7 07 DE 10 FF

Signature Length: 256 bytes / 2048 Signature: 00 16 EF FE 12 43 68 3D DB 25 45 10 DA 2C 64 5A BC 3F C5 B4 FE CA 4A BF C3 AE 5E D9 66 74 11 FB ED 99 CA 6B 7E D9 47 E1 C1 48 C4 A0 22 41 07 01

bits D0 C0 E0 80 E1 31 43 81 0A 13 51 DC

42 B2 C0 C1 A3 DB

CB 81 BC FD C3 E4

DA B2 78 95 A4 A6

71 62 A5 BC 0A 8C

21 AD E0 57 1C 5A

69 8B 8D 3C B1 2E 5C 91 74 66 6C B5 31 16 4A [...]

EA 1A D0 82 43

85 3E DD BC 6D

kupangkota.go.id (tcp/993)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 bits

79

Signature: 00 BB D1 51 A2 BF

6E 23 1A 14 C4 DE

3B B7 07 3B 53 E8

F8 06 9F 8C 74 E5

4B 2D 98 EC CB 1D

52 84 13 98 04 32

F0 FA 48 92 BA 6D

6C E3 4A 21 CA 9E

C3 F5 CB F3 C8 BF

18 DB 72 07 BC 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

kupangkota.go.id (tcp/995)
Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99 42 D1 BF BC F7 FC 2D D5 50 59 6E 8D 4E 97 B2 D2 45 95 15 9B AA C6 A9 AF 26 D5 AF BC 85 22 Exponent: 01 00 01

EE FC A1 42 FB B3 FC B9 AF 53 0C 7C C8

72 20 CA B4 6B 2E DD 2F EB F4 30 B6 B2

8B 77 94 C3 39 84 A9 3F 31 2B C3 68 C5

A1 C1 91 EF 85 7D C1 1F 2A 78 88 D2 5A

E2 F5 2C 8C 03 37 46 E8 E4 CB 05 7B 59

68 54 99 F2 B6 B7 E9 CD F0 55 E5 0D D0

40 B8 16 54 CE 13 EE ED C4 BC 7A F5 7E

A1 88 4F A8 11 DC 0D A6 F9 24 2B BF DB

A8 1C 20 FF 43 71 10 E8 63 2E 48 0F BF

B4 9B B1 2D A9 56 FD DA 80 21 9D 13 29

A6 8C 7F C1 59 09 21 ED 31 F0 06 06 5F

08 71 62 21 07 B1 43 1F CE E7 4D C2 03

41 5F FE 5B 72 FC 4D 89 33 E3 6B 92

0F 3C 89 CF 81 3F 74 ED C5 40 36 94

E8 16 41 BE 1B 84 2A C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C EC 98 92 21 A2 C4 53 74 CB 04 BA CA BF DE E8 E5 1D 32 6D 9E

bits C3 18 F5 DB CB 72 F3 07 C8 BC BF 85

1D E7 0E 75 5D 64

F5 5D DE 00 CD 69

AB F5 8E AA 51 C6

ED 22 D7 CA DC 2C

2A 6B 1A 14 7D 59

9D 62 2F DD 0A F8 13 3B 02 0A C6 4D EE B1 85 [...]

9A E0 FC 23 E6

FE A9 DF 62 B5

80

50845 (6) - OpenSSL Detection Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic. Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

See Also http://www.openssl.org Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/11/30, Modification date: 2013/10/18

Hosts kupangkota.go.id (tcp/21) kupangkota.go.id (tcp/110) kupangkota.go.id (tcp/143) kupangkota.go.id (tcp/465) kupangkota.go.id (tcp/993) kupangkota.go.id (tcp/995)

81

56984 (6) - SSL / TLS Versions Supported Synopsis
The remote service encrypts communications.

Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/01/19

Hosts kupangkota.go.id (tcp/21)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

kupangkota.go.id (tcp/110)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

kupangkota.go.id (tcp/143)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

kupangkota.go.id (tcp/465)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

kupangkota.go.id (tcp/993)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

kupangkota.go.id (tcp/995)
This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.

82

62563 (6) - SSL Compression Methods Supported Synopsis
The remote service supports one or more compression methods for SSL connections.

Description
This script detects which compression methods are supported by the remote service for SSL connections.

See Also http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml http://tools.ietf.org/html/rfc3749 http://tools.ietf.org/html/rfc3943 http://tools.ietf.org/html/rfc5246

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2012/10/16, Modification date: 2013/10/18

Hosts kupangkota.go.id (tcp/21)
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

kupangkota.go.id (tcp/110)
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

kupangkota.go.id (tcp/143)
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

kupangkota.go.id (tcp/465)
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

kupangkota.go.id (tcp/993)
Nessus was able to confirm that the following compression method is supported by the target : NULL (0x00)

kupangkota.go.id (tcp/995)
Nessus was able to confirm that the following compression method is supported by the target :

83

NULL (0x00)

84

10263 (3) - SMTP Server Detection Synopsis
An SMTP server is listening on the remote port.

Description
The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.

Solution
Disable this service if you do not use it, or filter incoming traffic to this port.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Hosts kupangkota.go.id (tcp/25)
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:05 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.

kupangkota.go.id (tcp/465)
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:15:15 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. 500 unrecognized command 500 unrecognized command

kupangkota.go.id (tcp/587)
Remote SMTP server banner : 220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:08 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.

85

54580 (3) - SMTP Authentication Methods Synopsis
The remote mail server supports authentication.

Description
The remote SMTP server advertises that it supports authentication.

See Also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954

Solution
Review the list of methods and whether they're available over an encrypted channel.

Risk Factor
None

Plugin Information:
Publication date: 2011/05/19, Modification date: 2011/06/29

Hosts kupangkota.go.id (tcp/25)
The following authentication methods are advertised by the SMTP server without encryption : LOGIN PLAIN

kupangkota.go.id (tcp/465)
The following authentication methods are advertised by the SMTP server with encryption : LOGIN PLAIN

kupangkota.go.id (tcp/587)
The following authentication methods are advertised by the SMTP server without encryption : LOGIN PLAIN

86

10185 (2) - POP Server Detection Synopsis
A POP server is listening on the remote port.

Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.

See Also http://en.wikipedia.org/wiki/Post_Office_Protocol Solution
Disable this service if you do not use it.

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11

Hosts kupangkota.go.id (tcp/110)
Remote POP server banner : +OK Dovecot ready.

kupangkota.go.id (tcp/995)
Remote POP server banner : +OK Dovecot ready.

87

11002 (2) - DNS Server Detection Synopsis
A DNS server is listening on the remote host.

Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.

See Also http://en.wikipedia.org/wiki/Domain_Name_System Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.

Risk Factor
None

Plugin Information:
Publication date: 2003/02/13, Modification date: 2013/05/07

Hosts kupangkota.go.id (tcp/53) kupangkota.go.id (udp/53)

88

11414 (2) - IMAP Service Banner Retrieval Synopsis
An IMAP server is running on the remote host.

Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2003/03/18, Modification date: 2011/03/16

Hosts kupangkota.go.id (tcp/143)
The remote imap server banner is : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

kupangkota.go.id (tcp/993)
The remote imap server banner is : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. GET BAD Error in IMAP command received by server. * BAD Error in IMAP command received by server.

89

24260 (2) - HyperText Transfer Protocol (HTTP) Information Synopsis
Some information about the remote HTTP configuration can be extracted.

Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31

Hosts kupangkota.go.id (tcp/80)
Protocol version : HTTP/1.1 SSL : no Keep-Alive : yes Options allowed : (Not implemented) Headers : Date: Fri, 24 Jan 2014 01:23:18 GMT Server: Apache X-Pingback: http://kupangkota.go.id/xmlrpc.php Link: ; rel=shortlink Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

kupangkota.go.id (tcp/443)
Protocol version : HTTP/1.1 SSL : no Keep-Alive : yes Options allowed : (Not implemented) Headers : Date: Fri, 24 Jan 2014 01:23:23 GMT Server: Apache Last-Modified: Wed, 17 Jul 2013 16:05:26 GMT Accept-Ranges: bytes Content-Length: 111 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html

90

59861 (2) - Remote web server screenshot Synopsis
It was possible to take a 'screenshot' of the remote web server.

Description
This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11

Hosts kupangkota.go.id (tcp/80)
It was possible to gather the following screenshot of the remote web site.

kupangkota.go.id (tcp/443)
It was possible to gather the following screenshot of the remote web site.

91

10028 (1) - DNS Server BIND version Directive Remote Version Disclosure Synopsis
It is possible to obtain the version number of the remote DNS server.

Description
The remote host is running BIND or another DNS server that reports its version number when it receives a special request, for the text 'version.bind' in the domain 'chaos'. This version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.

Solution
It is possible to hide the version number of bind by using the 'version' directive in the 'options' section in named.conf

Risk Factor
None

References
XREF OSVDB:23

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/05/24

Hosts kupangkota.go.id (udp/53)
The version of the remote DNS server is : 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1

92

10092 (1) - FTP Server Detection Synopsis
An FTP server is listening on this port.

Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution
N/A

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08

Hosts kupangkota.go.id (tcp/21)
The remote FTP banner is : 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------220-You are user number 1 of 50 allowed. 220-Local time is now 09:15. Server port: 21. 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity.

93

10107 (1) - HTTP Server Type and Version Synopsis
A web server is running on the remote host.

Description
This plugin attempts to determine the type and the version of the remote web server.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/12/03

Hosts kupangkota.go.id (tcp/443)
The remote web server type is : Apache and the 'ServerTokens' directive is ProductOnly Apache does not offer a way to hide the server type.

94

10114 (1) - ICMP Timestamp Request Remote Date Disclosure Synopsis
It is possible to determine the exact time set on the remote host.

Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Risk Factor
None

References
CVE XREF XREF CVE-1999-0524 OSVDB:94 CWE:200

Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18

Hosts kupangkota.go.id (icmp/0)
The difference between the local and remote clocks is -6 seconds.

95

10267 (1) - SSH Server Type and Version Information Synopsis
An SSH server is listening on this port.

Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/10/24

Hosts kupangkota.go.id (tcp/22)
SSH version : SSH-2.0-OpenSSH_5.3 SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password

96

10287 (1) - Traceroute Information Synopsis
It was possible to obtain traceroute information.

Description
Makes a traceroute to the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11

Hosts kupangkota.go.id (udp/0)
For your information, here is the traceroute from 36.86.200.211 to 192.163.229.190 : 36.86.200.211 36.86.192.1 180.250.20.33 180.240.193.14 180.240.193.13 180.240.192.6 198.32.176.20 72.52.92.70 184.105.223.158 66.160.133.118 199.58.199.118 69.195.64.46 192.163.229.190

97

10881 (1) - SSH Protocol Versions Supported Synopsis
A SSH server is running on the remote host.

Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2002/03/06, Modification date: 2013/10/21

Hosts kupangkota.go.id (tcp/22)
The remote SSH daemon supports the following versions of the SSH protocol : - 1.99 - 2.0

SSHv2 host key fingerprint : 27:5b:ae:da:a9:c9:17:f9:27:6e:d5:6e:46:d6:d0:21

98

10884 (1) - Network Time Protocol (NTP) Server Detection Synopsis
An NTP server is listening on the remote host.

Description
An NTP (Network Time Protocol) server is listening on this port. It provides information about the current date and time of the remote system and may provide system information.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2002/03/13, Modification date: 2011/03/11

Hosts kupangkota.go.id (udp/123)

99

11936 (1) - OS Identification Synopsis
It is possible to guess the remote operating system.

Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2003/12/09, Modification date: 2013/09/03

Hosts kupangkota.go.id (tcp/0)
Remote operating system : Linux Kernel 3.10 Linux Kernel 3.5 Linux Kernel 3.8 Linux Kernel 3.9 Confidence Level : 59 Method : SinFP Not all fingerprints could give a match. If you think some or all of the following could be used to identify the host's operating system, please email them to os-signatures@nessus.org. Be sure to include a brief description of the host itself, such as the actual operating system or product / model names. HTTP:!:Server: Apache SinFP: P1:B10113:F0x12:W14600:O0204ffff:M1460: P2:B10113:F0x12:W14480:O0204ffff0402080affffffff4445414401030307:M1460: P3:B10120:F0x04:W0:O0:M0 P4:5202_7_p=2083R SMTP:!:220-genesis.bakatumu.com ESMTP Exim 4.82 #2 Fri, 24 Jan 2014 09:14:05 +0800 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. SSLcert:!:i/CN:genesis.bakatumu.comi/O:Unknowni/OU:Unknowns/CN:genesis.bakatumu.coms/O:Unknowns/ OU:Unknown 3554b0bbe44b5657970ae8164c40cab37cf60010 i/CN:genesis.bakatumu.comi/O:Unknowni/OU:Unknowns/CN:genesis.bakatumu.coms/O:Unknowns/OU:Unknown 3554b0bbe44b5657970ae8164c40cab37cf60010 SSH:!:SSH-2.0-OpenSSH_5.3

The remote host is running one of these operating systems : Linux Kernel 3.10 Linux Kernel 3.5 Linux Kernel 3.8 Linux Kernel 3.9

100

12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution Synopsis
It was possible to resolve the name of the remote host.

Description
Nessus was able to resolve the FQDN of the remote host.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28

Hosts kupangkota.go.id (tcp/0)
192.163.229.190 resolves as kupangkota.go.id.

101

19506 (1) - Nessus Scan Information Synopsis
Information about the Nessus scan.

Description
This script displays, for each tested host, information about the scan itself : - The version of the plugin set - The type of scanner (Nessus or Nessus Home) - The version of the Nessus Engine - The port scanner(s) used - The port range scanned - Whether credentialed or third-party patch management checks are possible - The date of the scan - The duration of the scan - The number of hosts scanned in parallel - The number of checks done in parallel

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2005/08/26, Modification date: 2014/01/21

Hosts kupangkota.go.id (tcp/0)
Information about this scan : Nessus version : 5.2.4 (Nessus 5.2.5 is available - consider upgrading) Plugin feed version : 201401221915 Scanner edition used : Nessus Home Scan policy used : FUll2 Scanner IP : 36.86.200.211 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes Credentialed checks : no Patch management checks : None CGI scanning : disabled Web application tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : Detected Allow post-scan editing: Yes Scan Start Date : 2014/1/24 9:12 Scan duration : 1631 sec

102

25220 (1) - TCP/IP Timestamps Supported Synopsis
The remote service implements TCP timestamps.

Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

See Also http://www.ietf.org/rfc/rfc1323.txt Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20

Hosts kupangkota.go.id (tcp/0)

103

35371 (1) - DNS Server hostname.bind Map Hostname Disclosure Synopsis
The DNS server discloses the remote host name.

Description
It is possible to learn the remote host name by querying the remote DNS server for 'hostname.bind' in the CHAOS domain.

Solution
It may be possible to disable this feature. Consult the vendor's documentation for more information.

Risk Factor
None

Plugin Information:
Publication date: 2009/01/15, Modification date: 2011/09/14

Hosts kupangkota.go.id (udp/53)
The remote host name is : genesis.bakatumu.com

104

39520 (1) - Backported Security Patch Detection (SSH) Synopsis
Security patches are backported.

Description
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem.

See Also http://www.nessus.org/u?d636c8c7 Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/06/25, Modification date: 2013/04/03

Hosts kupangkota.go.id (tcp/22)
Give Nessus credentials to perform local checks.

105

42085 (1) - IMAP Service STARTTLS Command Support Synopsis
The remote mail service supports encrypting traffic.

Description
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc2595

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/09, Modification date: 2011/03/10

Hosts kupangkota.go.id (tcp/143)
Here is the IMAP server's SSL certificate that Nessus was able to collect after sending a 'STARTTLS' command : ------------------------------ snip -----------------------------Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99

EE FC A1 42 FB B3 FC

72 20 CA B4 6B 2E DD

8B 77 94 C3 39 84 A9

A1 C1 91 EF 85 7D C1

E2 F5 2C 8C 03 37 46

68 54 99 F2 B6 B7 E9

40 B8 16 54 CE 13 EE

A1 88 4F A8 11 DC 0D

A8 1C 20 FF 43 71 10

B4 9B B1 2D A9 56 FD

A6 8C 7F C1 59 09 21

08 71 62 21 07 B1 43

41 5F FE 5B 72 FC 4D

0F 3C 89 CF 81 3F 74

E8 16 41 BE 1B 84 2A

106

42 D1 BF FC 2D D5 6E 8D 4E D2 45 95 AA C6 A9 D5 AF BC Exponent: 01 00 01

BC 50 97 15 AF 85

F7 59 B2 9B 26 22

B9 AF 53 0C 7C C8

2F EB F4 30 B6 B2

3F 31 2B C3 68 C5

1F 2A 78 88 D2 5A

E8 E4 CB 05 7B 59

CD F0 55 E5 0D D0

ED C4 BC 7A F5 7E

A6 F9 24 2B BF DB

E8 63 2E 48 0F BF

DA 80 21 9D 13 29

ED 31 F0 06 06 5F

1F CE E7 4D C2 03

89 33 E3 6B 92

ED C5 40 36 94

C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B [...]

bits C3 18 1D F5 AB ED 2A 9D 62 2F 9A FE F5 DB E7 5D F5 22 6B DD 0A F8 E0 A9 CB 72 0E DE 8E D7 1A 13 3B 02 FC DF

107

42087 (1) - POP3 Service STLS Command Support Synopsis
The remote mail service supports encrypting traffic.

Description
The remote POP3 service supports the use of the 'STLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc2595

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/09, Modification date: 2011/03/10

Hosts kupangkota.go.id (tcp/110)
Here is the POP3 server's SSL certificate that Nessus was able to collect after sending a 'STLS' command : ------------------------------ snip -----------------------------Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 00 DD 58 E9 B6 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:28 2013 GMT Not Valid After: Jul 12 07:53:28 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 CD 51 21 20 17 EA 00 CC 80 93 0C 93 DB 61 3E C7 E0 35 36 75 9A B3 B7 E6 60 4B C8 60 B0 29 CA 94 99 99

EE FC A1 42 FB B3 FC

72 20 CA B4 6B 2E DD

8B 77 94 C3 39 84 A9

A1 C1 91 EF 85 7D C1

E2 F5 2C 8C 03 37 46

68 54 99 F2 B6 B7 E9

40 B8 16 54 CE 13 EE

A1 88 4F A8 11 DC 0D

A8 1C 20 FF 43 71 10

B4 9B B1 2D A9 56 FD

A6 8C 7F C1 59 09 21

08 71 62 21 07 B1 43

41 5F FE 5B 72 FC 4D

0F 3C 89 CF 81 3F 74

E8 16 41 BE 1B 84 2A

108

42 D1 BF FC 2D D5 6E 8D 4E D2 45 95 AA C6 A9 D5 AF BC Exponent: 01 00 01

BC 50 97 15 AF 85

F7 59 B2 9B 26 22

B9 AF 53 0C 7C C8

2F EB F4 30 B6 B2

3F 31 2B C3 68 C5

1F 2A 78 88 D2 5A

E8 E4 CB 05 7B 59

CD F0 55 E5 0D D0

ED C4 BC 7A F5 7E

A6 F9 24 2B BF DB

E8 63 2E 48 0F BF

DA 80 21 9D 13 29

ED 31 F0 06 06 5F

1F CE E7 4D C2 03

89 33 E3 6B 92

ED C5 40 36 94

C9 15 EA 61 33

Signature Length: 256 bytes / 2048 Signature: 00 6E 3B F8 4B 52 F0 6C BB 23 B7 06 2D 84 FA E3 D1 1A 07 9F 98 13 48 4A 51 14 3B 8C E [...]

bits C3 18 1D F5 AB ED 2A 9D 62 2F 9A FE F5 DB E7 5D F5 22 6B DD 0A F8 E0 A9 CB 72 0E DE 8E D7 1A 13 3B 02 FC DF

109

42149 (1) - FTP Service AUTH TLS Command Support Synopsis
The remote directory service supports encrypting traffic.

Description
The remote FTP service supports the use of the 'AUTH TLS' command to switch from a plaintext to an encrypted communications channel.

See Also http://en.wikipedia.org/wiki/STARTTLS http://tools.ietf.org/html/rfc4217

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/10/15, Modification date: 2011/03/11

Hosts kupangkota.go.id (tcp/21)
Here is the FTP server's SSL certificate that Nessus was able to collect after sending a 'AUTH TLS' command : ------------------------------ snip -----------------------------Subject Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Issuer Name: Country: US State/Province: Unknown Locality: Unknown Organization: Unknown Organization Unit: Unknown Common Name: genesis.bakatumu.com Email Address: ssl@genesis.bakatumu.com Serial Number: 01 3F 9E E9 FB Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jul 12 07:53:24 2013 GMT Not Valid After: Jul 12 07:53:24 2014 GMT Public Key Info: Algorithm: RSA Encryption Key Length: 2048 bits Public Key: 00 DB CA D9 89 A2 A2 97 FF 73 4C 16 EA 1B 45 67 DB C3 9D 84 5E 98 34 F4 6D 3F 0C EE C0 98 D5 FD 71 D7 DE

9A 34 7F 04 00 9D FB

FE F3 BC D9 4B 84 21

AB C2 4D 9B A6 25 FD

0C 5B 32 27 E3 A1 84

AC 55 9C 7D BB 2E 58

35 84 95 B4 28 4E 23

9D 36 50 F4 EF DA 5F

74 AC DB FC C4 6B 43

A5 20 FC C2 3B 5E 97

F2 C5 11 E2 82 4A 86

CC 9E 4C AF B6 44 C4

28 D4 8A D1 C7 83 C2

8C 90 43 4C 35 EC B8

F0 22 72 C7 8F 05 1E

1C A1 00 73 81 3A 1B

110

19 01 53 0B 1D AC BB 19 2D 55 56 62 D7 B4 84 87 22 A0 Exponent: 01 00 01

E1 5C 61 10 93 AF

9A 2F 07 12 79 29

C9 33 4D 99 D4 97

54 57 95 6B 2F 70

35 67 83 BA EF AB

23 4C C8 A0 23 61

63 08 5D 97 AA 57

59 D6 3D 77 C4 34

6C 49 1E 87 CD 1B

4B 87 41 8E 05 9C

93 A3 E2 44 DF 3C

48 1E AF 2C D4 25

69 3E 89 2E DC B5

00 A9 BB E1 58 DB

D3 40 D9 42 4A

42 77 DE 22 09

18 E6 73 FB CC

Signature Length: 256 bytes / 2048 Signature: 00 88 F8 F2 B3 95 BC FA DF EC 48 72 4A C4 74 00 7F 78 12 C4 9B C7 06 54 FF 88 02 3 [...]

bits A2 41 BC 49 20 EC E0 04 EB 00 95 AC F7 0F 83 95 45 FD EF FF 40 4B 57 37 38 3B 12 BE 07 9B 1D 8A 6F 4B 6C F2

111

43111 (1) - HTTP Methods Allowed (per directory) Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.

Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09

Hosts kupangkota.go.id (tcp/443)
Based on the response to an OPTIONS request : - HTTP methods GET HEAD OPTIONS POST are allowed on : /

112

45590 (1) - Common Platform Enumeration (CPE) Synopsis
It is possible to enumerate CPE names that matched on the remote system.

Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also http://cpe.mitre.org/ Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/01/06

Hosts kupangkota.go.id (tcp/0)
The remote operating system matched the following CPE's : cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.5 cpe:/o:linux:linux_kernel:3.8 cpe:/o:linux:linux_kernel:3.9 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:5.3 -> OpenBSD cpe:/a:isc:bind:9.8.2rc1:redhat OpenSSH 5.3

113

46180 (1) - Additional DNS Hostnames Synopsis
Potential virtual hosts have been detected.

Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name- based virtual hosts.

See Also http://en.wikipedia.org/wiki/Virtual_hosting Solution
If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]

Risk Factor
None

Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21

Hosts kupangkota.go.id (tcp/0)
The following hostnames point to the remote host: - genesis.bakatumu.com

114

54615 (1) - Device Type Synopsis
It is possible to guess the remote device type.

Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23

Hosts kupangkota.go.id (tcp/0)
Remote device type : general-purpose Confidence level : 59

115

70657 (1) - SSH Algorithms and Languages Supported Synopsis
An SSH server is listening on this port.

Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.

Solution n/a Risk Factor
None

Plugin Information:
Publication date: 2013/10/28, Modification date: 2013/12/19

Hosts kupangkota.go.id (tcp/22)
Nessus negotiated the following encryption algorithm with the server : aes128-cbc The server supports the following options for kex_algorithms : diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 The server supports the following options for server_host_key_algorithms : ssh-dss ssh-rsa The server supports the following options for encryption_algorithms_client_to_server : 3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The server supports the following options for encryption_algorithms_server_to_client : 3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se The server supports the following options for mac_algorithms_client_to_server : hmac-md5 hmac-md5-96

116

hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64@openssh.com The server supports the following options for mac_algorithms_server_to_client : hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64@openssh.com The server supports the following options for compression_algorithms_client_to_server : none zlib@openssh.com The server supports the following options for compression_algorithms_server_to_client : none zlib@openssh.com

117

Similar Documents

Premium Essay

Lab 2

...IS3110 Lab #2: Assessment Worksheet Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls Student Name: _____________________________________________________________ 1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities) a. b. c. d. e. 2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected? • PO9.1 IT Risk Management Framework • PO9.2 Establishment of Risk Context • PO9.3 Event Identification • PO9.4 Risk Assessment • PO9.5 Risk Response • PO9.6 Maintenance and Monitoring of a Risk Action Plan 3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability: Confidentiality Integrity Availability a. b. c. d. e. 4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure? 5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 – No More than 5), assess the risk impact or risk factor that it has on your organization in the following areas: a....

Words: 469 - Pages: 2

Premium Essay

Lab 2 Ist

...Lab 2 - Align Risks, Threats, and Vulnerabilities to COBIT PO9 Risk Mgmt. Controls Part 1 4. Discuss the primary goal of the COBIT v4.1 framework. Provide a basic description of cobit. * The purpose of Control Objectives for Information and related Technology (COBIT) is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems. 5. Explain the major objective of the Control area (COBIT 4.1 Controls Collaboration link on the left side of the COBIT website) * “The COBIT Controls area within ISACA's Knowledge Center promotes collaboration and sharing of information, solutions and experience among COBIT users.” 6. From the COBIT Domains and Control Objectives section, list each of the types of control objectives and briefly describe them based on the descriptions on the website. * Plan and Organize – “This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives....

Words: 4162 - Pages: 17

Premium Essay

Is3110T Lab 2 Assessment Worksheet

...Workstation OS has a known software vulnerability – Define a...

Words: 934 - Pages: 4

Free Essay

Is3110

...Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains. 1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is used to map a network and Nessus is used to Test a network for vulnerabilities. 2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmaps sole purpose is just that, network probing and recon. 3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such. 4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform? Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Trace route 5....

Words: 870 - Pages: 4

Premium Essay

Is3110

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer......

Words: 1102 - Pages: 5

Free Essay

Managing Risk in Information Systems

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer......

Words: 640 - Pages: 3

Premium Essay

Understanding Nist 800‐37  Fisma Requirements 

...White Paper                 Understanding NIST 800‐37  FISMA Requirements              Contents    Overview ................................................................................................................................. 3  I. The Role of NIST in FISMA Compliance ................................................................................. 3  II. NIST Risk Management Framework for FISMA ..................................................................... 4  III. Application Security and FISMA .......................................................................................... 5  IV. NIST SP 800‐37 and FISMA .................................................................................................. 6  V. How Veracode Can Help ...................................................................................................... 7  VI. NIST SP 800‐37 Tasks & Veracode Solutions ....................................................................... 8  VII. Summary and Conclusions ............................................................................................... 10  About Veracode .................................................................................................................... 11                                      © 2008 Veracode, Inc.  2        Overview  The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § ......

Words: 2451 - Pages: 10

Premium Essay

Risk, Threats, and Vulnerabilties

...Course textbook Learning Objectives and Outcomes You will: * Explain how to assess risks, threats, and vulnerabilities * Evaluate potential outcomes of a malware attack and exposure of confidential information * Evaluate information systems security countermeasures * Explain how system hardening relates to a company’s IT security policy framework * Analyze the purposes of system hardening * Analyze security events * Evaluate information systems security activities in terms of business contributions Introduction Contemporary organizations collect, store, and transmit a tremendous amount of highly sensitive data. Despite the many benefits that information technology offers, these systems are not completely secure. Proper...

Words: 665 - Pages: 3

Premium Essay

Lab 2

...Explore the hierarchy for assessing and managing IT risks: • Step #1: Align the risk, threat or vulnerability assessment to C-I-A primary first and assess • Step #2: Align the risk, threat, or vulnerability remediation to Effectiveness, Efficiency, Compliance, and Reliability secondary • Step #3: Assess the risk impact for each threat or vulnerability in the following focus areas: o Information – What is the risk impact? How can this be mitigated? How can this be managed? o Applications – What is the risk impact? How can this be mitigated? How can this be managed? o Infrastructure – What is the risk impact? How can this be...

Words: 381 - Pages: 2

Free Essay

Rsca Scale

...Resiliency Scales for Children and Adolescents A critical review Katie Waghorn West Virginia University March 14, 2014 Author’s Note This paper was prepared for COUN 505 taught by Dr. Tina Walsh Introduction Resilience is a complex construct with many definitions. Most frequently, resilience can be defined as one’s ability to “bounce back” from an adverse situation. It is “interactive and contextual” (Prince-Embury & Saklofske, 2013, pg.19). However, some believe resiliency is a personality trait. There is some aversion to the use of resiliency, however, as it gives the impression that some are better than others. Resilience is applicable to both adults and children. This paper will focus on the childhood aspect of resilience. Over the years, it has been a topic of interest among researchers as to how some children manage to overcome adversity and thrive, while others suffer psychological and physical distress. As a result, much of the early research carried out on resilience looked at “three sets of factors implicated in the development of resilience: (1) attributes of the children themselves, (2) aspects of their families, and (3) characteristics of their wider social environments” (Vanderbilt-Adriance & Shaw, 2008, pg. 31). Recently, research has shifted from identifying key characteristics of resilient children to understanding how these factors affect a child’s ability to handle adversity. Despite extensive research on the subject, there is still......

Words: 3734 - Pages: 15

Premium Essay

Risk Managment

...• Develop practical technical recommendations to address the vulnerabilities identified, and reduce the level of security risk.” 1 The Operational Risk Framework is...

Words: 752 - Pages: 4

Premium Essay

Risk Assessment in Information Technology

...It will also assess the risk factors that are inclusive for the Company and give the assumptions related to the security data as well as regulatory issues surrounding risk assessment. In addressing the global implications, the paper will propose network security vulnerabilities and recommend the mitigation measures for the vulnerabilities. Cryptography recommendations based on data driven decision-making will be assessed, and develop risk assessment methodologies. Risk assessment in Information Technology Risk assessment is one of the mitigation methods for the Networks design. The scanners or vulnerability tools are used to identify the risks or vulnerabilities within the network design. The risks can be identified by these tools as they extend beyond software detects to incorporate other easily vulnerabilities including mis-configurations (Rouse, 2010). The shareware assessment tools are accessible online and can be used to supplement commercial scanners. Framework of risk assessment * Step 1 – categorizing information and information systems. Here unique department traits are highlighted and assigned impact levels (high, medium or low) in line with the security FISMA’s security objectives (confidentiality, integrity and availability). * Step 2 – security control families; common, hybrid, and system-specific security controls; tailoring and the identification of control enhancements....

Words: 3240 - Pages: 13

Free Essay

Window of Vulnerablity

...window of vulnerability ITT tech | Window of Vulnerability | Review of unauthorized access to SMB server. | | Cory Reiss | 4/1/2014 | This is the Window of Vulnerability For a patch to a newly discovered exploit residing in manufacturer software. | The security breach was detected by the server software manufacturer and a patch is currently being worked on. This vulnerability affects the SMB server giving access to an unauthorized user. The estimated time for the patch to be completed is three days with 7 additional days required for testing and executing the patch. There has been no documented timeline on when the security exploit was established, discovered, or executed. From discovery of the breach yesterday to final completion of fix there is a window of vulnerability consisting of 11 days. From the information presented the exploit only affects the SMB server. If the unauthorized user is able to run an interactive shell this should not be taken likely. Recommended procedure should be to block access on ports defined or suspend the server if possible. Access to SMB can put all of your files at risk and an aftermarket firewall blocking all IP ranges not specified in the workgroup should lower and impede the effectiveness of the exploit. Scans should be run to assess the possibility of injected code or malware. Someone skilled in security forensics should be deployed to assess the files affected or viewed....

Words: 260 - Pages: 2

Premium Essay

Risk Assesment Plan

...The risk management plan will identify potential risk, assess individual risk and its impact on performance, cost, and schedule of the overall project and develop an action plan that handles individual risk. RISK PLAN OBJECTIVES The scope of this risk assessment assessed the system’s use of resources and controls (implemented or planned) to eliminate and/or manage vulnerabilities exploitable by threats internal and external to the Project. If exploited, these vulnerabilities could result in: • Unauthorized disclosure of data • Unauthorized modification to the system, its data, or both • Denial of service, access to data, or both to authorized users This Risk Assessment Report evaluates the confidentiality (protection from unauthorized disclosure of system and data information), integrity (protection from improper modification of information), and availability (loss of system access) of the system. Recommended security safeguards will allow management to make decisions about security-related initiatives. PROJECT RISKS This risk assessment methodology and approach was conducted using the guidelines in NIST SP 800-30, Risk Management Guide for Information Technology Systems. The assessment is broad in scope and evaluates security vulnerabilities affecting confidentiality, integrity, and availability. The assessment recommends appropriate security safeguards, permitting management to make knowledge-based decisions about security-related initiatives....

Words: 1565 - Pages: 7

Premium Essay

Is4550 Week 5 Lab

...------------------------------------------------- Week 5 Laboratory: Part 1 Part 1: Assess and Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap....

Words: 1625 - Pages: 7