Hi,
I have been using webmin in my Linux mdk 10.0 (kernel 2.6.3-7) box for configuration. I ran an audit on all my servers using the nessus daemon and got this result for webmin:

=================================================================
Warning: snet-sensor-mgmt (<port # removed>/tcp).

The SSLv2 server offers 6 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client software if necessary

Informational: snet-sensor-mgmt (<port # removed>/tcp) .

Here is the list of available SSLv2 ciphers:
<followed by a list of 9 ciphers>
=================================================================

I do not use webmin for remote administration. The webmin port, in fact, is firewalled. I only use it through loopback on my PC for convenience.

Is this vulnerability serious? How do I disable cipher keys? Where are they so that I may delete them?

Do let me know.

Thanks,
AR

________________________________________________________________________
Analabha Roy
Graduate Student
Department Of Physics,
University of Texas,
1 University Station C1600,
Austin, Texas 78712-0264,
United States
emails: [EMAIL PROTECTED],
Home Page: http://www.ph.utexas.edu/~daneel
________________________________________________________________________
_______________________________________________
Siglinux mailing list
[EMAIL PROTECTED]
http://machito.utacm.org/mailman/listinfo/siglinux
