Hi all,
I have run a vulnerability scanning against some systems and some vulnerabilities have come up related with OpenSSL. However, some of them have not 443 port open or have nothing but a single file named as openSSL inside some other's application folder. I asked about the operation of that application and whether it uses openSSL somehow. It does not. Not to mention that OpenSSL does not appear among the tasks or services running. Sometimes, I find OpenSSH being used but not OpenSSL. Does that use any OpenSSL libraries? I am trying to understand how my vulnerability scanner detects OpenSSL in cases like the ones I described above... Is there any way to check whether OpenSSL is being used by a system (eg. Windows server)? I would appreciate anyone's help with this as I am not experienced with OpenSSL. Thank you.