Crypto on this site is broken and is likely not to provide enough security.
Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.
Score | Machine | IP address | Last scan |
---|---|---|---|
- | virtualmin.com | 198.154.100.99 | 2024-04-18 16:33:02 UTC |
- | jamie.cloud.virtualmin.com | 108.60.199.109 | 2024-04-18 16:33:02 UTC |
- | ns.cloud.virtualmin.com | 108.60.199.108 | 2024-04-18 16:33:02 UTC |
- | ns2.cloud.virtualmin.com | 108.60.199.116 | 2024-04-18 16:33:02 UTC |
- | docs.virtualmin.com | 198.154.100.100 | 2024-04-18 16:33:02 UTC |
- | ftp.virtualmin.com | 108.60.199.107 | 2024-04-18 16:33:02 UTC |
D | software.virtualmin.com | 149.28.242.101 | 2024-04-18 16:33:02 UTC |
- | software2.virtualmin.com | 163.172.162.254 | 2024-04-18 16:33:03 UTC |
- | srv1.virtualmin.com | 108.60.199.106 | 2024-04-18 16:33:03 UTC |
Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading.
IP address | 198.154.100.99 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.109 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.108 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.116 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 198.154.100.100 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.107 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
No service that could be analyzed detected on this machine.
IP address | 149.28.242.101 |
---|---|
Last scan | 2024-04-18 16:33:02 UTC |
Versions | TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2018-07-27 06:18:54 UTC |
Certificate expiration date | 2018-08-26 06:18:54 UTC |
Certificate serial number | 10016193776172319625 |
Certificate issuer | CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA |
Certificate subject | CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA |
Trigger | The expiration date of this certificate is 2018-08-26 06:18:54 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. In particular, no revocation information will be kept about an expired certificate. |
Trigger | The server supports a cipher suite containing the RC4 cipher. |
---|---|
Context |
RC4 is a stream cipher in which significant weaknesses have been found. The use of this cipher in any protocol has been discouraged by ECRYPT as of 2014 (ECRYPT 2016 report). In TLS, cipher suites using RC4 have been deprecated as of February 2015 (RFC 7465). |
Trigger | The server supports a cipher suite containing the 3DES cipher. |
---|---|
Context |
Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Trigger | The server uses a commonly-shared 2048-bit Diffie-Hellman group. |
---|---|
Context |
Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). |
Trigger | TLS 1.0 among the protocols offered by TLS server. |
---|---|
Context |
TLS 1.0 is discouraged by PCI-DSS and has been considered non-compliant since June 2018 (PCI-DSS v3.2). |
Trigger | SSL 2.0 not among the protocols offered by TLS server. |
---|---|
Context |
SSL 2.0 has been officially deprecated as of March 2011 (RFC 6176). |
Trigger | SSL 3.0 not among the protocols offered by TLS server. |
---|---|
Context |
SSL 3.0 has been officially deprecated as of June 2015 (RFC 7568). |
Trigger | The server doesn't support any cipher suites containing the DES cipher. |
---|---|
Context |
DES is a cipher with an effective key length of 56 bits, which is now considered too weak by many agencies, including ECRYPT and NIST (ECRYPT 2016 report, NIST SP 800-57, Part 1, Rev. 3). |
Trigger | The server doesn't support any cipher suites containing the NULL cipher. |
---|---|
Context |
Application data is not encrypted when the NULL cipher is used, exposing it to eavesdroppers. |
Trigger | The server doesn't support any EXPORT cipher suites. |
---|---|
Context |
For legacy reasons, some TLS cipher suites are composed of export-grade cryptography, which is insecure by today's standards. Furthermore, servers that accept EXPORT cipher suites may be vulnerable to the FREAK (freakattack.com) or the Logjam (weakdh.org) downgrade attacks. |
Trigger | The hash used for the certificate is SHA-256. |
---|---|
Context |
The hash function used on certificate signatures must be cryptographically secure in order for the certificate not to be forgeable. Hash functions MD2 and MD5 are considered to be broken. SHA-1 certificates are in the process of being deprecated because of their weaknesses although many browsers and websites still support them. The SHA-2 family of functions (SHA-224, SHA-256, ...) are a safe alternative. |
Trigger | The server supports TLS Fallback SCSV. |
---|---|
Context |
TLS Fallback SCSV (RFC 7507) enables a server to determine whether a protocol version downgrade by the client is legitimate. If this mechanism is not supported, an attacker could make both endpoints choose a lower protocol version they both support, probably resulting in a less secure connection. |
Trigger | The server supports some cipher suites that provide forward secrecy. |
---|---|
Context |
Forward secrecy is achieved when the security of session keys is not affected by a compromise of long-term keys. In TLS, forward secrecy is enabled by DHE, ECDHE and DH_anon cipher suites. They protect past communications from a compromise of a long-term key (such as an RSA key). |
Trigger | The server is not vulnerable to DROWN. |
---|---|
Context |
A server is vulnerable to the "General DROWN" attack when it supports, willingly or not, weak SSLv2 cipher suites. A server is vulnerable to the even more powerful "Special DROWN" attack when it is affected by CVE-2016-0703. DROWN may affect any TLS server (even with TLS 1.2 and on a different machine) which uses the same RSA key as the vulnerable SSLv2 server (drownattack.com). |
Trigger | The server is not vulnerable to ROBOT. |
---|---|
Context |
ROBOT (https://robotattack.org/) is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. It affects vulnerable server implementations that also allow the use of RSA encryption (e.g. TLS_RSA cipher suites). |
Trigger | The start date of this certificate is 2018-07-27 06:18:54 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. A validity start date in the future is a sign that the certificate is bogus or that the system that generated it has a desynchronized clock. |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
The CRIME vulnerability (also known as CVE-2012-4929) happens when TLS compression is enabled. An attacker can get information about sensitive data in pages by observing the size of compressed responses. Using this, it is possible to impersonate users by retrieving their session cookies. This exploit has been demonstrated on HTTPS, but the weakness is fundamental to compression in TLS and may be exploitable in non-HTTP services. |
Trigger | This service does not support any anonymous cipher suite. |
---|---|
Context |
Each cipher suite describes how server authentication is done. Anonymous cipher suites tell the client not to authenticate the server. They should thus not be used unless server authentication is not required, as is usually the case for SMTP servers. |
Trigger | The server is not vulnerable to Heartbleed. |
---|---|
Context |
The OpenSSL Heartbleed bug (heartbleed.com, CVE-2014-0160) allows secrets including the server's private key to be extracted in the clear. |
High level description |
In some configurations of TLS, it is possible for an attacker with sufficient access to mount a MITM attack that gives him the ability to decrypt and modify all the traffic between the server and the client. |
---|---|
Representation |
|
High level description |
In some configurations of TLS a padding oracle might be present on the server. This makes it possible for an attacker with sufficient access to partially decrypt the information sent from the client to the server. |
---|---|
Representation |
|
High level description |
In some configurations of TLS, it is possible for an attacker with sufficient access to decrypt the Master Secret and thus the rest of the TLS stream. |
---|---|
Representation |
|
Version string | SSH-2.0-OpenSSH_7.4 |
---|---|
Encryption algorithms |
|
Compression algorithms |
|
MAC algorithms |
|
Server host key algorithms |
|
Key exchange algorithms |
|
Server keys |
|
Trigger | The server supports the "diffie-hellman-group1-sha1" algorithm. |
---|---|
Context |
The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253). For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. |
Trigger | The server supports the 3DES cipher. |
---|---|
Context |
Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). In SSH, there seems to be no advantage to using 3DES over more secure and more supported ciphers. |
Trigger | The server supports the Blowfish cipher. |
---|---|
Context |
Blowfish is a block cipher with a 64-bit block size. In SSH, Blowfish is used with 128-bit keys. However, its 64-bit block size can be insufficient for some applications, for example because of birthday attacks (sweet32.info). There are also some cryptanalytic results on reduced-round versions (though no practical attacks). There seems to be no advantage to using it over more secure and more widely supported ciphers. |
Trigger | The server supports the CAST-128 cipher. |
---|---|
Context |
In SSH, CAST-128 is used with 128-bit keys. However, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). There seems to be no advantage to using it over more secure and more widely supported ciphers. |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Trigger | The server only supports SSH-2. |
---|---|
Context |
The recommended SSH protocol is SSH-2, adopted as a standard in 2006 (RFC 4251) and identified as "SSH-2.0". SSH-1, designed in 1995, is now discouraged. Servers claiming compatibility with both versions use "SSH-1.99" in their version string. |
Trigger | The server doesn't support the DES cipher. |
---|---|
Context |
DES is a cipher with an effective key length of 56 bits, which is now considered too weak by many agencies, including ECRYPT and NIST (ECRYPT 2016 report, NIST SP 800-57, Part 1, Rev. 3). |
Trigger | The server doesn't support the IDEA cipher. |
---|---|
Context |
IDEA has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). There seems to be no advantage to using it over more secure and more widely supported ciphers. |
Trigger | The server doesn't support the RC4 cipher. |
---|---|
Context |
RC4 is a stream cipher in which significant weaknesses have been found. The use of this cipher in any protocol has been discouraged by ECRYPT as of 2014 (ECRYPT 2016 report). In SSH, RC4 is implemented as "arcfour", "arcfour128" and "arcfour256". "arcfour128" and "arcfour256" improve the original algorithm but are still considered weak (RFC 4345). |
Versions | TLS 1.2 |
---|---|
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2023-09-12 16:51:07 UTC |
Certificate expiration date | 2023-12-11 16:51:06 UTC |
Certificate serial number | 279503508235384226986805774441936220599460 |
Certificate issuer | CN=R3,O=Let's Encrypt,C=US |
Certificate subject | CN=software2.virtualmin.com |
Certificate SANs |
|
Trigger | The expiration date of this certificate is 2023-12-11 16:51:06 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. In particular, no revocation information will be kept about an expired certificate. |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Trigger | The server uses a commonly-shared 2048-bit Diffie-Hellman group. |
---|---|
Context |
Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). |
Trigger | SSL 2.0 not among the protocols offered by TLS server. |
---|---|
Context |
SSL 2.0 has been officially deprecated as of March 2011 (RFC 6176). |
Trigger | SSL 3.0 not among the protocols offered by TLS server. |
---|---|
Context |
SSL 3.0 has been officially deprecated as of June 2015 (RFC 7568). |
Trigger | TLS 1.0 not among the protocols offered by TLS server. |
---|---|
Context |
TLS 1.0 is discouraged by PCI-DSS and has been considered non-compliant since June 2018 (PCI-DSS v3.2). |
Trigger | The server is not vulnerable to POODLE. |
---|---|
Context |
Servers that support SSL 3.0 with cipher suites containing the CBC mode of operation can be vulnerable to the POODLE attack (RFC 7568). A possible countermeasure consists in enabling TLS Fallback SCSV along with more recent TLS protocols such as TLS 1.2. |
Trigger | The server doesn't support any cipher suites containing the DES cipher. |
---|---|
Context |
DES is a cipher with an effective key length of 56 bits, which is now considered too weak by many agencies, including ECRYPT and NIST (ECRYPT 2016 report, NIST SP 800-57, Part 1, Rev. 3). |
Trigger | The server doesn't support any cipher suites containing the 3DES cipher. |
---|---|
Context |
Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). |
Trigger | The server doesn't support any cipher suites containing the NULL cipher. |
---|---|
Context |
Application data is not encrypted when the NULL cipher is used, exposing it to eavesdroppers. |
Trigger | The server doesn't support any EXPORT cipher suites. |
---|---|
Context |
For legacy reasons, some TLS cipher suites are composed of export-grade cryptography, which is insecure by today's standards. Furthermore, servers that accept EXPORT cipher suites may be vulnerable to the FREAK (freakattack.com) or the Logjam (weakdh.org) downgrade attacks. |
Trigger | The server doesn't support any cipher suites containing the RC4 cipher. |
---|---|
Context |
RC4 is a stream cipher in which significant weaknesses have been found. The use of this cipher in any protocol has been discouraged by ECRYPT as of 2014 (ECRYPT 2016 report). In TLS, cipher suites using RC4 have been deprecated as of February 2015 (RFC 7465). |
Trigger | The hash used for the certificate is SHA-256. |
---|---|
Context |
The hash function used on certificate signatures must be cryptographically secure in order for the certificate not to be forgeable. Hash functions MD2 and MD5 are considered to be broken. SHA-1 certificates are in the process of being deprecated because of their weaknesses although many browsers and websites still support them. The SHA-2 family of functions (SHA-224, SHA-256, ...) are a safe alternative. |
Trigger | The server supports some cipher suites that provide forward secrecy. |
---|---|
Context |
Forward secrecy is achieved when the security of session keys is not affected by a compromise of long-term keys. In TLS, forward secrecy is enabled by DHE, ECDHE and DH_anon cipher suites. They protect past communications from a compromise of a long-term key (such as an RSA key). |
Trigger | The server is not vulnerable to DROWN. |
---|---|
Context |
A server is vulnerable to the "General DROWN" attack when it supports, willingly or not, weak SSLv2 cipher suites. A server is vulnerable to the even more powerful "Special DROWN" attack when it is affected by CVE-2016-0703. DROWN may affect any TLS server (even with TLS 1.2 and on a different machine) which uses the same RSA key as the vulnerable SSLv2 server (drownattack.com). |
Trigger | The server is not vulnerable to ROBOT. |
---|---|
Context |
ROBOT (https://robotattack.org/) is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. It affects vulnerable server implementations that also allow the use of RSA encryption (e.g. TLS_RSA cipher suites). |
Trigger | The start date of this certificate is 2023-09-12 16:51:07 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. A validity start date in the future is a sign that the certificate is bogus or that the system that generated it has a desynchronized clock. |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
The CRIME vulnerability (also known as CVE-2012-4929) happens when TLS compression is enabled. An attacker can get information about sensitive data in pages by observing the size of compressed responses. Using this, it is possible to impersonate users by retrieving their session cookies. This exploit has been demonstrated on HTTPS, but the weakness is fundamental to compression in TLS and may be exploitable in non-HTTP services. |
Trigger | This service does not support any anonymous cipher suite. |
---|---|
Context |
Each cipher suite describes how server authentication is done. Anonymous cipher suites tell the client not to authenticate the server. They should thus not be used unless server authentication is not required, as is usually the case for SMTP servers. |
Trigger | The server is not vulnerable to Heartbleed. |
---|---|
Context |
The OpenSSL Heartbleed bug (heartbleed.com, CVE-2014-0160) allows secrets including the server's private key to be extracted in the clear. |
High level description |
In some configurations of TLS, it is possible for an attacker with sufficient access to mount a MITM attack that gives him the ability to decrypt and modify all the traffic between the server and the client. |
---|---|
Representation |
|
High level description |
In some configurations of TLS a padding oracle might be present on the server. This makes it possible for an attacker with sufficient access to partially decrypt the information sent from the client to the server. |
---|---|
Representation |
|
High level description |
In some configurations of TLS, it is possible for an attacker with sufficient access to decrypt the Master Secret and thus the rest of the TLS stream. |
---|---|
Representation |
|
IP address | 163.172.162.254 |
---|---|
Last scan | 2024-04-18 16:33:03 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.106 |
---|---|
Last scan | 2024-04-18 16:33:03 UTC |
No service that could be analyzed detected on this machine.