-
SSL/TLS Version Detection
Disclosure Date: 2014-10-14First seen: 2022-12-23auxiliary/scanner/ssl/ssl_versionCheck if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST. Authors: - todb <todb@metasploit.com> - et <et@metasploit.com> - Chris John Riley - Veit Hailperin <hailperv@gmail.com> - h00die -
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
Disclosure Date: 2014-06-05First seen: 2020-04-26auxiliary/scanner/ssl/openssl_ccsThis module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014. Authors: - Masashi Kikuchi - Craig Young <CYoung@tripwire.com> - juan vazquez <juan.vazquez@metasploit.com>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details