Just when things were starting to quiet down, OpenSSL.org posted a security advisory on June 5, 2014. Meet CVE-2014-0224, a vulnerability that makes a network susceptible to a man-in-the-middle (MITM) attack, allowing bad guys to decrypt and modify traffic from the attacked client and server.
If reading this is giving you heartburn, read on: The Nexpose June 6 update provides coverage for CVE-2014-0224. You can create a scan template that will focus your scan on CVE-2014-0224, to the exclusion of anything else. After the June 6 update, take the following steps:
Create a custom scan template.
- In the Web interface, click Administration. On the Admin page, click the create link for Templates, or just type the keyboard shortcuts TC. This opens the Scan Template Configuration panel.
- Clear any checks other than Vulnerabilities. This will eliminate a lot of unnecessary, extra scan time.
- In the Asset Discovery page, select Send ICMP “pings” and Send TCP packets to ports. Enter the numbers for any TCP ports that may be running SSL on your network.
- If you have SSL-enabled services running on unusual ports, add them to the Additional ports section on the Service Discovery page.
Select only the relevant vulnerability checks.
- Go to the Vulnerability Checks page. First, you will disable all checks, check categories, and check types so that you can focus on scanning exclusively for CVE-2014-0224.
- Expand the By Category section and click Remove categories.
- Select the check box for the top row (Vulnerability Category), which will auto-select the check boxes for all categories. Then click Save. Note that 0 categories are now enabled.
- Expand the By Check Type section and click Remove check types.
- Select the check box for the top row (Vulnerability Check Type), which will auto-select the check boxes for all types. Then click Save. Note that 0 check types are now enabled.
- Expand the By Individual Check section and click Add checks.
- Enter or paste CVE-2014-0224 in the Search Criteria box and click Search. The results include all authenticated and unauthenticated checks for CVE-2014-0224. The unauthenticated check provides an "outsider" view of your network as a would-be attacker would see it. The authenticated checks provide in-depth coverage of specific platforms . Select the check box for the top row (Vulnerability Check), which will auto-select the check boxes for all types. Then click Save. Note that 89 individual checks are enabled, which matches the number in the search results.
Save the scan template.
Create or edit a site to include:
- the new custom scan template
- credentials for the authenticated vulnerability checks
Learn more about CVE-2014-0224.
Read OpenSSL.org's June 5 security advisory.