Good day:
We had a scan run by the company Qualys against our Zimbra server, Release 8.8.6_GA_1906.RHEL7_64_20171130041047 RHEL7_64 FOSS edition. It reports the following vulnerabilities:
SSL Server Allows Anonymous Authentication Vulnerability, ports 465, 25
SSL/TLS Server supports TLSv1.0, ports 443, 465, 995
SSL/TLS Server supports TLSv1.0, ports 25, 110
SSL/TLS use of weak RC4 (Arcfour) cipher, ports 25, 465
I have applied the following commands, but the scan still shows the vulnerabilities:
1.
zmprov mcf +zimbraSSLExcludeCipherSuites SSL_RSA_WITH_RC4_128_MD5
zmprov mcf +zimbraSSLExcludeCipherSuites SSL_RSA_WITH_RC4_128_SHA
zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2.
zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
3.
postconf -e smtpd_tls_protocols='!TLSv1.2'
4.
zmlocalconfig -e postfix_smtp_sasl_security_options=noanonymous
zmprov ms <server> zimbraMtaSmtpSaslSecurityOptions noanonymous
5.
zmprov mcf zimbraMtaSmtpdTlsProtocols '!TLSv1.2'
6.
This is a sample from zenmap:
465/tcp open smtps
| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 3072
| Generator Length: 8
| Public Key Length: 3072
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown:
I would appreciate your comments.
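An added example, not from the original post and not Zimbra or Postfix code, for checking the two Postfix settings behind the port 25/465 findings offline before re-running the scanner. Ports 25 and 465 are served by Postfix, so the `zimbraSSLExcludeCipherSuites` values in step 1 (mailboxd/Jetty) and the `zimbraReverseProxySSLCiphers` string in step 2 (nginx proxy) do not govern them, and SASL `noanonymous` in step 4 restricts SMTP AUTH mechanisms, not the TLS key exchange the anonymous-DH finding is about. The script shows two things: in Postfix `smtpd_tls_protocols` syntax a `!` prefix excludes only the named protocol, so the `!TLSv1.2` value from steps 3 and 5 keeps TLSv1 and TLSv1.1 enabled (and replaces the usual `!SSLv2, !SSLv3` exclusions); and the suites the scanner reports as anonymous (`TLS_DH_anon_*`, OpenSSL `ADH-*`/`AECDH-*`, described as `Au=None`) are removed by listing `aNULL` in `smtpd_tls_exclude_ciphers`, with `RC4` added for the RC4 finding. `enabled_protocols` is a simplified emulation of Postfix's `tls_protocol_mask()` logic (assumed sufficient for the Postfix version in Zimbra 8.8; the `>=`/`<=` range syntax of newer Postfix is not modelled). The cipher checks evaluate the string with the OpenSSL linked into Python, so the expansion matches `openssl ciphers -v` on the same library; `POSTFIX_MEDIUM_CIPHERLIST` is Postfix's default `tls_medium_cipherlist`, and which suites it expands to depends on the local build. The candidate settings in `__main__` are constructed for illustration.

```python
"""Offline checks for Postfix TLS settings that scanners flag on Zimbra MTA ports.

Added example; not Zimbra or Postfix code. Run standalone to see which
protocols and which anonymous / RC4 suites a given setting leaves enabled.
"""
import re
import ssl

# Protocol names Postfix accepts in smtpd_tls_protocols. SSLv2 is kept for the
# mask arithmetic even though modern OpenSSL cannot negotiate it.
POSTFIX_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# Postfix's default tls_medium_cipherlist; smtpd_tls_exclude_ciphers entries are
# appended to it as ':!name'. Which suites it expands to depends on the OpenSSL build.
POSTFIX_MEDIUM_CIPHERLIST = "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"


def enabled_protocols(value):
    """Simplified emulation of Postfix tls_protocol_mask() (assumption: no >=/<= syntax).

    '!name' excludes a protocol; bare names form an inclusion list, and when an
    inclusion list is present everything not on it is excluded as well.
    """
    include, exclude = set(), set()
    for token in filter(None, re.split(r"[\s,]+", value.strip())):
        name = token[1:] if token.startswith("!") else token
        if name not in POSTFIX_PROTOCOLS:
            raise ValueError("unknown protocol name in smtpd_tls_protocols: %r" % token)
        (exclude if token.startswith("!") else include).add(name)
    allowed = include if include else set(POSTFIX_PROTOCOLS)
    return [p for p in POSTFIX_PROTOCOLS if p in allowed and p not in exclude]


def postfix_cipherlist(grade_list, exclude_ciphers):
    """Cipher string Postfix derives from a grade list plus smtpd_tls_exclude_ciphers
    (each exclusion becomes a ':!name' suffix, which OpenSSL treats as a permanent removal)."""
    return grade_list + "".join(":!" + name for name in exclude_ciphers)


def expand_ciphers(cipher_string):
    """Resolve an OpenSSL cipher string with the OpenSSL that Python links against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def anonymous_ciphers(cipher_string):
    """Suites with no server authentication; OpenSSL describes them as Au=None.
    These are what 'anonymous authentication' / anonymous-DH findings report."""
    return [c["name"] for c in expand_ciphers(cipher_string)
            if re.search(r"\bAu=None\b", c["description"])]


def rc4_ciphers(cipher_string):
    """Suites using RC4 for bulk encryption (Enc=RC4(...) in the description)."""
    return [c["name"] for c in expand_ciphers(cipher_string)
            if "Enc=RC4" in c["description"]]


def report(protocols_value, exclude_ciphers):
    """Summarise one candidate configuration as a dict (returned, not printed)."""
    cipherlist = postfix_cipherlist(POSTFIX_MEDIUM_CIPHERLIST, exclude_ciphers)
    return {
        "protocols": enabled_protocols(protocols_value),
        "anonymous": anonymous_ciphers(cipherlist),
        "rc4": rc4_ciphers(cipherlist),
    }


if __name__ == "__main__":
    # Constructed candidates: the value from the post versus one that actually
    # retires TLSv1/TLSv1.1 and the anonymous and RC4 suites.
    candidates = {
        "post (steps 3/5)": ("!TLSv1.2", []),
        "hardened": ("!SSLv2, !SSLv3, !TLSv1, !TLSv1.1", ["aNULL", "RC4"]),
    }
    for label, (proto, excl) in candidates.items():
        r = report(proto, excl)
        print("%s: smtpd_tls_protocols=%r smtpd_tls_exclude_ciphers=%r"
              % (label, proto, ", ".join(excl)))
        print("  enabled protocols : %s" % ", ".join(r["protocols"]))
        print("  anonymous suites  : %d %s" % (len(r["anonymous"]), r["anonymous"][:3]))
        print("  RC4 suites        : %d" % len(r["rc4"]))
```

On the Zimbra host the equivalent live check is `postconf smtpd_tls_protocols smtpd_tls_exclude_ciphers` after `zmmtactl restart`, followed by `openssl s_client -connect host:465 -cipher aNULL` (and `-starttls smtp` on 25), which should fail to negotiate once the exclusion is in place.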