The Poodle detection NVT:

http://plugins.openvas.org/nasl.php?oid=802087

checks for TLS_Fallback_SCSV, which is a fallback prevention for the TLS1+
protocol that helps protect from a downgrade attack that could enable POODLE
on TLS1+, except it seems to exit prematurely if TLS_Fallback_SCSV is
supported, even if SSLv3 is supported.

This looks as if TLS_Fallback_SCSV was treated as a remediation for POODLE
even on SSLv3, which it is not (it only helps for TLS1+).

The code in question is as follows:

## Vulnerable to POODLE attack if any CBC ciphers are supported
if (res == "SSLv3_SUPPORTED"){

  if( _check_tls_fallback_scsv() )
  {
    set_kb_item( name:"poodle_tls_fallback_scsv", value:TRUE );
    set_kb_item( name:"poodle_tls_fallback_scsv/port", value:ssl_port );
    exit( 99 );
  }

  security_message(ssl_port);
  exit( 0 );
}

Maybe the TLS_Fallback_SCSV kb item should be set elsewhere in the NVT and
not affect the result of this NVT?
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
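
The distinction raised in the message above, as an added Python example (not the NVT's code and not from the OpenVAS project): the replies to an SSLv3 probe and to a fallback probe are classified separately, and the TLS_FALLBACK_SCSV result is kept as its own finding instead of clearing the SSLv3 result. All function names are hypothetical and the reply bytes are constructed samples.

```python
import struct

CBC_SUITES = {0x000A, 0x002F, 0x0035}  # RSA with 3DES / AES-128 / AES-256 in CBC mode
INAPPROPRIATE_FALLBACK = 86            # alert a server sends when it honours the SCSV


def parse_record(data):
    """Split one SSL/TLS record into (content_type, payload)."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    if len(data) - 5 < length:
        raise ValueError("truncated record")
    return ctype, data[5:5 + length]


def sslv3_cbc_accepted(reply):
    """True if the reply to an SSLv3 ClientHello is a ServerHello choosing SSLv3 and CBC."""
    ctype, msg = parse_record(reply)
    if ctype != 22 or len(msg) < 39 or msg[0] != 2:  # handshake record, ServerHello
        return False
    sid_len = msg[38]                                # after type, length, version, random
    if len(msg) < 41 + sid_len:
        return False
    version = struct.unpack("!H", msg[4:6])[0]
    suite = struct.unpack("!H", msg[39 + sid_len:41 + sid_len])[0]
    return version == 0x0300 and suite in CBC_SUITES


def scsv_enforced(reply):
    """True if a downgraded hello carrying TLS_FALLBACK_SCSV drew inappropriate_fallback."""
    ctype, msg = parse_record(reply)
    return ctype == 21 and len(msg) == 2 and msg[1] == INAPPROPRIATE_FALLBACK


def poodle_verdict(sslv3_reply, fallback_reply):
    """Report SCSV as its own finding; it never clears an SSLv3 + CBC result."""
    return {"vulnerable": sslv3_cbc_accepted(sslv3_reply),
            "tls_fallback_scsv": scsv_enforced(fallback_reply)}


def server_hello(version, suite):
    """Constructed sample: a ServerHello record with an empty session ID."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    msg = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(msg)) + msg


SCSV_ALERT = struct.pack("!BHHBB", 21, 0x0301, 2, 2, INAPPROPRIATE_FALLBACK)  # constructed
```

A server that answers `server_hello(0x0300, 0x002F)` to the SSLv3 probe is reported vulnerable even when the fallback probe returns `SCSV_ALERT`.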
