Also, updated the NVTs, created a scan config with just the one heartbeat test, and sent it along against ALL TCP ports on hosts, including a couple private known vulnerable devices and received no results. I'm a bit confused on that, and makes the check pretty worthless. Not STARTTLS as far as I know, before anyone asks.
On Wed, Apr 9, 2014 at 11:54 AM, Greg Etling <[email protected]> wrote: > Along these lines - Openvas appears to use libssl3.so instead of the > compromised libssl.so.10 versions, can anyone confirm whether any SSL keys > or certs would need to be recreated for Openvas itself, if installed on a > system with an insecure version of openssl? > > -- > Greg Etling > [email protected] > <[email protected]>Systems Administrator > Stern IT Enterprise Operations > NYU Stern School of Business > -- Greg Etling [email protected] <[email protected]>Systems Administrator Stern IT Enterprise Operations NYU Stern School of Business
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
