Am 24.07.2014 13:07, schrieb Eero Volotinen: > 2014-07-24 13:52 GMT+03:00 Reindl Harald <[email protected] > <mailto:[email protected]>>: > > Am 24.07.2014 12:42, schrieb Jan-Oliver Wagner: > > On Donnerstag, 24. Juli 2014, Eero Volotinen wrote: > >> ssl certificate for wiki.openvas.org <http://wiki.openvas.org> is not > in processing .. looks like > >> wiki.openvas.org <http://wiki.openvas.org> is not working at this > moment? > > > > I can access wiki.openvas.com <http://wiki.openvas.com> and also via > wiki.openvas.org <http://wiki.openvas.org> > > maybe you should care for the CN and not install a > random wildcard cert for a different domain > > https://filippo.io/Heartbleed/#wiki.openvas.com > Uh-oh, something went wrong: x509: certificate is valid for > *.red-net.info <http://red-net.info>, not > wiki.openvas.com <http://wiki.openvas.com> > If you know what you are doing, tick the ignore certificates box. > Otherwise please try again! > > > And server is missing critical openssl security patchies? oh no ..
how *laughable is that* develop a security scanner and not patch the own wiki of the scanner software? what about running OpenVAS on servers for the own domain? https://www.ssllabs.com/ssltest/analyze.html?d=wiki.openvas.org&ignoreMismatch=on Experimental: This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F. This server is vulnerable to the Heartbleed attack. Grade set to F. The server does not support Forward Secrecy with the reference browsers. MORE INFO ยป
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
