caskin
xxx.xxx.11.67 The server’s certificate is not valid for the hostname. Cert is issued to mail.example.com, but you can reach the https certificate through this IP address. The hostname is technically not covered by the cert.
Nmap Warnings: 64-bit block cipher 3DES vulnerable to SWEET32 attack
Broken cipher RC4 is deprecated by RFC 7465
Ciphersuite uses MD5 for message integrity
Key exchange (dh 1024) of lower strength than certificate key
xxx.xxx.11.82 HSTS is not enforced. The application fails to prevent users from connecting to it over unencrypted connections. This opens the possibility of man-in-the-middle attacks against users who visit the site through unencrypted links. To remedy this, add a response header with the name “Strict-Transport-Security” with an acceptable max-age expiration time.
Nmap Warnings: 64-bit block cipher 3DES vulnerable to SWEET32 attack
Broken cipher RC4 is deprecated by RFC 7465
Ciphersuite uses MD5 for message integrity
Key exchange (dh 1024) of lower strength than certificate key
Key exchange (secp256r1) of lower strength than certificate key
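One way to verify the HSTS remediation after it is deployed, as an added example that is not part of the original report: the Python below parses a Strict-Transport-Security value following the RFC 6797 rules and reports why a header would be missing, ignored by browsers, or too short-lived. The function names, the sample headers and the 180-day `MIN_MAX_AGE` threshold are assumptions; the report does not state what max-age it considers acceptable.

```python
import re

# Assumed policy threshold (180 days); the report gives no number.
MIN_MAX_AGE = 15552000

def parse_hsts(value):
    """Parse an HSTS header value into {directive: value or None}.

    Returns None when a browser would ignore the header under RFC 6797:
    a repeated directive, or a missing or non-numeric max-age.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        arg = arg.strip().strip('"')         # values may be quoted strings
        if name in directives:
            return None                      # each directive may appear only once
        directives[name] = arg or None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                          # max-age is the one required directive
    directives["max-age"] = int(age)
    return directives

def audit_hsts(headers, min_max_age=MIN_MAX_AGE):
    """Return findings for the headers (dict) of one HTTPS response."""
    values = [v for k, v in headers.items()
              if k.lower() == "strict-transport-security"]
    if not values:
        return ["HSTS header missing"]
    policy = parse_hsts(values[0])
    if policy is None:
        return ["HSTS header malformed; browsers will ignore it"]
    if policy["max-age"] == 0:
        return ["max-age=0 removes the HSTS policy"]
    if policy["max-age"] < min_max_age:
        return ["max-age %d below threshold %d" % (policy["max-age"], min_max_age)]
    return []

if __name__ == "__main__":
    # Constructed sample responses, not captured from the tested hosts.
    samples = [
        {"Content-Type": "text/html"},
        {"Strict-Transport-Security": "max-age=300"},
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    ]
    for headers in samples:
        print(headers, "->", audit_hsts(headers) or "OK")
```

Browsers honor the header only on responses received over HTTPS, so feed this the headers of the HTTPS response rather than those of the plain-HTTP redirect.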
PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 1, 2020
20
sales@purplesec.us
xxx.xxx.119.235
Nmap Warnings: 64-bit block cipher 3DES vulnerable to SWEET32 attack
64-bit block cipher IDEA vulnerable to SWEET32 attack
Key exchange (secp256r1) of lower strength than certificate key
PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 28, 2019
CONFIDENTIAL