NSClient++ Having Mutiple Security Vulnerablities

Question

NSClient++ Having Mutiple Security Vulnerablities

ext-im opened this issue 4 years ago · 2 comments

Issue and Steps to Reproduce

Describe your issue and tell us how to reproduce it.

When we performed the scan using Nessus we discovered the NSClient++ is having multiple security vulnerabilities. We are still using the latest version of NSClient which is 0.5.2.35

PLEASE PROVIDE COMMAND HERE

Expected Behavior

Can someone provide a solution how to fix these vulnerabilities?

Actual Behavior

SSL Medium Strength Cipher Suites Supported (SWEET32)
HIGH SSL Certificate Signed Using Weak Hashing Algorithm
SSL Certificate Cannot Be Trusted
SSL Self-Signed Certificate
OpenSSL AES-NI Padding Oracle MitM Information Disclosure

Details

NSClient++ version: 0.5.2.35
OS and Version: Windows Server 2012
Checking from: Centreon, Icinga, OP5, ...
Checking with: check_nrpe, check_nt, ...

Additional Details

CVE-2004-2761: https://www.tenable.com/plugins/nessus/35291
CVE-2016-2183: https://www.tenable.com/plugins/nessus/42873
https://www.tenable.com/plugins/nessus/51192
https://www.tenable.com/plugins/nessus/57582
CVE-2016-2107: https://www.tenable.com/plugins/nessus/91572

PLEASE PASTE LOG HERE

CVE-2004-2761: https://www.tenable.com/plugins/nessus/35291
CVE-2016-2183: https://www.tenable.com/plugins/nessus/42873
https://www.tenable.com/plugins/nessus/51192
https://www.tenable.com/plugins/nessus/57582
CVE-2016-2107: https://www.tenable.com/plugins/nessus/91572

Answer 1 · 2021-04-11T04:32:59.000Z

ext-im commented 4 years ago

Answer 2 · 2021-04-11T04:37:43.000Z

I have posted all the Output which were flagged from the Nessus scanning tool. These were the security vulnerabilities listed for the current version of NSclinet++, is it possible to fix these vulnerabilities ?