mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-02 16:53:25 +08:00
32 lines
1.3 KiB
YAML
32 lines
1.3 KiB
YAML
id: weak-ssl-tls-protocols-enabled
|
|
|
|
info:
|
|
name: Weak SSL/TLS Protocols Enabled
|
|
author: princechaddha
|
|
severity: critical
|
|
description: Checks if weak SSL/TLS protocols (such as SSLv2 or SSLv3) are enabled on the system.
|
|
impact: |
|
|
Weak SSL/TLS protocols are vulnerable to attacks, which could compromise the confidentiality and integrity of communications.
|
|
remediation: |
|
|
Disable weak SSL/TLS protocols like SSLv2 and SSLv3 and enforce the use of stronger versions such as TLS 1.2 or higher.
|
|
tags: windows,ssl,tls,protocol,code,windows-audit
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- pre-condition: |
|
|
IsWindows();
|
|
engine:
|
|
- powershell.exe
|
|
args:
|
|
- -ExecutionPolicy
|
|
- Bypass
|
|
pattern: "*.ps1"
|
|
source: |
|
|
$protocols = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' -ErrorAction SilentlyContinue; if ($protocols.Name -contains 'SSL 2.0' -or $protocols.Name -contains 'SSL 3.0') { Write-Output 'Weak SSL/TLS protocols enabled'; }
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Weak SSL/TLS protocols enabled"
|
|
# digest: 4b0a00483046022100cf1c0b5be9b792058c1770dd5965a88da3c9487acabe2424693b234d549ab21a022100d35219e610f3c86080d975a4ff25a2f849fb10e67f231b4d4b60a9dbf6516bc2:922c64590222798bb761d5b6d8e72950 |