High severity vulnerability on port 641 - Windows XP

  • Thread starter Thread starter JB
  • Start date Start date
J

JB

Hi,

I ran a nessus scan to a Win XP laptop and it found the following high
severity vulnerability:

---------------------------------------
service: unknown (641/tcp)
severity:High
Description:
The SSLv2 server does not accept strong "US grade" ciphers with 112 or
128 bit long secret keys Nessus only counted 2 weak "export class" and
0 medium strength
ciphers.
Those ciphers only offer a limited protection against a brute force
attack.
Solution: update your server certificate and/or upgrade your SSL
library or server software.
---------------------------------------

I don't know what it means. I searched for information about it, but I
haven't found anything concrete. Can someone help me?

Thanks,
JB
 
JB said:
I ran a nessus scan to a Win XP laptop and it found the following high
severity vulnerability:

---------------------------------------
service: unknown (641/tcp)
severity:High
Description:
The SSLv2 server does not accept strong "US grade" ciphers with 112 or
128 bit long secret keys Nessus only counted 2 weak "export class" and
0 medium strength
ciphers.
Those ciphers only offer a limited protection against a brute force
attack.
Solution: update your server certificate and/or upgrade your SSL
library or server software.
Click to expand...

Are you running some Oracle/Web Server?
 
Your issue may actually be one of determining what is running
bound to that port, as you seem to not be aware of SSL and so
I would guess did not install a service an config it to use SSL.
You could try TcpView from www.sysinternal.com
 
Hey,

I recently found this open port when I ran NMap against my machine
which is also an XP laptop. If you do the ctrl-alt-del to bring up th
task manager, you will probably be able to see a process running calle
tgcmd.exe or somethimg like that. This is the executable that i
opening the port.

Basically it is used by some vendors, like Sony, and Comcast, an
others, to provide user/system support. The reason you are getting th
SSL warning is that the communications between your computer and th
service provider is through an SSL session. Unfortunately, I don'
think that you can change the encryption level.

If you connect to the port through your web browser (https://<ip>:641
you SHOULD get the warning pop up that the certificate is old, or can'
be verified, or whatever.

I originally used telnet to connect to the port (telnet <ip> 641) an
when you type HELLO you will get the SSL23 blah blah blah error.

After ending the tgcmd.exe process, I reran the scanner and no longe
saw a service on that port.

TAG said:
*Hi,

I ran a nessus scan to a Win XP laptop and it found the followin
high
severity vulnerability:

---------------------------------------
service: unknown (641/tcp)
severity:High
Description:
The SSLv2 server does not accept strong "US grade" ciphers with 11
or
128 bit long secret keys Nessus only counted 2 weak "export class
and
0 medium strength
ciphers.
Those ciphers only offer a limited protection against a brute force
attack.
Solution: update your server certificate and/or upgrade your SSL
library or server software.
---------------------------------------

I don't know what it means. I searched for information about it, bu
I
haven't found anything concrete. Can someone help me?

Thanks,
JB
Click to expand...

-
nayabab
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping 9
FWT Newsletter - Weekly - November 17, 2003 0
FWT Newsletter - Weekly - September 6, 2004 1
FWT Newsletter - Weekly - October 4, 2004 2
WTD: Nvidia Videocard for 4x AGP Slot 0

Back
Top