July 9, 2024

Vulnerability Scan
Report
prepared by
HostedScan Security

hostedscan.com
HostedScan Security Vulnerability Scan Report

Overview

1 Executive Summary 3

2 Vulnerabilities By Target 4

3 Network Vulnerabilities 6

4 Glossary 14

hostedscan.com 2
Executive Summary Vulnerability Scan Report

1 Executive Summary
Vulnerability scans were conducted on select servers, networks, websites, and applications. This report contains the
discovered potential vulnerabilities from these scans. Vulnerabilities have been classified by severity. Higher severity
indicates a greater risk of a data breach, loss of integrity, or availability of the targets.

1.1 Total Vulnerabilities

Below are the total number of vulnerabilities found by severity. Critical vulnerabilities are the most severe and should
be evaluated first. An accepted vulnerability is one which has been manually reviewed and classified as acceptable
to not fix at this time, such as a false positive detection or an intentional part of the system's architecture.

Critical High Medium Low Accepted

0 0 6 1 0
86% 14%

1.2 Report Coverage

This report includes findings for 1 target scanned. Each target is a single URL, IP address, or fully qualified domain
name (FQDN).

Vulnerability Categories

7
Network Vulnerabilities

hostedscan.com 3
Vulnerabilities By Target Vulnerability Scan Report

2 Vulnerabilities By Target
This section contains the vulnerability findings for each scanned target. Prioritization should be given to the
targets with the highest severity vulnerabilities. However, it is important to take into account the purpose of each
system and consider the potential impact a breach or an outage would have for the particular target.

2.1 Targets Summary

The number of potential vulnerabilities found for each target by severity.

Target Critical High Medium Low Accepted

https://www.unisoftindia.org/ 0 0 6 1 0

hostedscan.com 4
Vulnerabilities By Target | https://www.unisoftindia.org/ Vulnerability Scan Report

2.2 Target Breakdowns

Details for the potential vulnerabilities found for each target by scan type.

https://www.unisoftindia.org/
Target

Total Risks

0 0 6 1 0

86% 14%

Network Vulnerabilities Severity First Detected Last Detected

FTP Unencrypted Cleartext Login Medium 0 days ago 0 days ago

cvss score: 4.8

Weak Encryption Algorithm(s) Supported

(SSH) Medium 0 days ago 0 days ago
cvss score: 4.3

POP3 Unencrypted Cleartext Login Medium 0 days ago 0 days ago

cvss score: 4.8

Missing 'Secure' Cookie Attribute (HTTP) Medium 0 days ago 0 days ago
cvss score: 5.0

IMAP Unencrypted Cleartext Login Medium 0 days ago 0 days ago

cvss score: 4.8

Weak Key Exchange (KEX) Algorithm(s)

Supported (SSH) Medium 0 days ago 0 days ago
cvss score: 5.3

TCP Timestamps Information Disclosure Low 0 days ago 0 days ago

cvss score: 2.6

hostedscan.com 5
Network Vulnerabilities Vulnerability Scan Report

3 Network Vulnerabilities
The OpenVAS network vulnerability scan tests servers and internet connected devices for over 150,000
vulnerabilities. OpenVAS uses the Common Vulnerability Scoring System (CVSS) to quantify the severity of findings.
0.0 is the lowest severity and 10.0 is the highest.

3.1 Total Vulnerabilities

Total number of vulnerabilities found by severity.

Critical High Medium Low Accepted

0 0 6 1 0
86% 14%

3.2 Vulnerabilities Breakdown

Summary list of all detected vulnerabilities.

Title Severity CVSS Score Open Accepted

FTP Unencrypted Cleartext Login Medium 4.8 1 0

Weak Encryption Algorithm(s) Supported (SSH) Medium 4.3 1 0

POP3 Unencrypted Cleartext Login Medium 4.8 1 0

Missing 'Secure' Cookie Attribute (HTTP) Medium 5.0 1 0

IMAP Unencrypted Cleartext Login Medium 4.8 1 0

Weak Key Exchange (KEX) Algorithm(s) Supported (SSH) Medium 5.3 1 0

TCP Timestamps Information Disclosure Low 2.6 1 0

hostedscan.com 6
Network Vulnerabilities | FTP Unencrypted Cleartext Login Vulnerability Scan Report

3.3 Vulnerability Details

Detailed information about each potential vulnerability found by the scan.

FTP Unencrypted Cleartext Login

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 4.8

Description
The remote host is running a FTP service that allows cleartext logins over unencrypted connections.
An attacker can uncover login names and passwords by sniffing traffic to the FTP service.

Solution
Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see the manual of the FTP service for more information.

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 7
Network Vulnerabilities | Weak Encryption Algorithm(s) Supported (SSH) Vulnerability Scan Report

Weak Encryption Algorithm(s) Supported (SSH)

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 4.3

Description
The remote SSH server is configured to allow / support weak encryption algorithm(s).
- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be compatible with the RC4 cipher
[SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and should not be used anymore.

- The 'none' algorithm specifies that no encryption is to be done. Note that this method provides no confidentiality protection, and it is
NOT RECOMMENDED to use it.
- A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of
ciphertext.

Solution
Disable the reported weak encryption algorithm(s).

References
https://www.rfc-editor.org/rfc/rfc8758
https://www.kb.cert.org/vuls/id/958563
https://www.rfc-editor.org/rfc/rfc4253#section-6.3

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 8
Network Vulnerabilities | POP3 Unencrypted Cleartext Login Vulnerability Scan Report

POP3 Unencrypted Cleartext Login

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 4.8

Description
The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections.

NOTE: Depending on the POP3 server configuration valid credentials needs to be given to the settings of 'Login configurations' OID:
1.3.6.1.4.1.25623.1.0.10870.
An attacker can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure authentication mechanism
(eg, USER command, AUTH PLAIN, AUTH LOGIN) is used.

Solution
Configure the remote server to always enforce encrypted connections via SSL/TLS with the 'STLS' command.

References
http://www.ietf.org/rfc/rfc2222.txt
http://www.ietf.org/rfc/rfc2595.txt

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 9
Network Vulnerabilities | Missing 'Secure' Cookie Attribute (HTTP) Vulnerability Scan Report

Missing 'Secure' Cookie Attribute (HTTP)

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 5.0

Description
The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for one or more sent HTTP cookie.
The flaw exists if a cookie is not using the 'Secure' cookie attribute and is sent over a SSL/TLS connection.
This allows a cookie to be passed to the server by the client over non-secure channels (HTTP) and subsequently allows an attacker to
e.g. conduct session hijacking attacks.

Solution
- Set the 'Secure' cookie attribute for any cookies that are sent over a SSL/TLS connection
- Evaluate / do an own assessment of the security impact on the web server / application and create an override for this result if there is
none (this can't be checked automatically by this VT)

References
https://www.rfc-editor.org/rfc/rfc6265#section-5.2.5
https://owasp.org/www-community/controls/SecureCookieAttribute
https://wiki.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 10
Network Vulnerabilities | IMAP Unencrypted Cleartext Login Vulnerability Scan Report

IMAP Unencrypted Cleartext Login

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 4.8

Description
The remote host is running an IMAP daemon that allows cleartext logins over unencrypted connections.

NOTE: Valid credentials needs to given to the settings of 'Login configurations' OID: 1.3.6.1.4.1.25623.1.0.10870.
An attacker can uncover user names and passwords by sniffing traffic to the IMAP daemon if a less secure authentication mechanism
(eg, LOGIN command, AUTH

Solution
Configure the remote server to always enforce encrypted connections via SSL/TLS with the 'STARTTLS' command.

References
http://www.ietf.org/rfc/rfc2222.txt
http://www.ietf.org/rfc/rfc2595.txt

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 11
Network Vulnerabilities | Weak Key Exchange (KEX) Algorithm(s) Supported (SSH) Vulnerability Scan Report

Weak Key Exchange (KEX) Algorithm(s) Supported

(SSH)
SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Medium 1 target 0 days ago 5.3

Description
The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).
- 1024-bit MODP group / prime KEX algorithms:
Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this
was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field
sieve-the most efficient algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime.
A nation-state can break a 1024-bit prime.
An attacker can quickly break individual connections.

Solution
Disable the reported weak KEX algorithm(s)
- 1024-bit MODP group / prime KEX algorithms:
Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.

References
https://weakdh.org/sysadmin.html
https://www.rfc-editor.org/rfc/rfc9142
https://www.rfc-editor.org/rfc/rfc9142#name-summary-guidance-for-implem
https://www.rfc-editor.org/rfc/rfc6194
https://www.rfc-editor.org/rfc/rfc4253#section-6.5

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 12
Network Vulnerabilities | TCP Timestamps Information Disclosure Vulnerability Scan Report

TCP Timestamps Information Disclosure

SEVERITY AFFECTED TARGETS LAST DETECTED CVSS SCORE

Low 1 target 0 days ago 2.6

Description
The remote host implements TCP timestamps and therefore allows to compute the uptime.
The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps

References
https://datatracker.ietf.org/doc/html/rfc1323
https://datatracker.ietf.org/doc/html/rfc7323
https://web.archive.org/web/20151213072445/http://www.microsoft.com/en-us/download/details.aspx?id=9152
https://www.fortiguard.com/psirt/FG-IR-16-090

Vulnerable Target First Detected Last Detected

https://www.unisoftindia.org/ 0 days ago 0 days ago

hostedscan.com 13
Glossary Vulnerability Scan Report

4 Glossary
Accepted Vulnerability Vulnerability
An accepted vulnerability is one which has been manually A weakness in the computational logic (e.g., code) found
reviewed and classified as acceptable to not fix at this in software and hardware components that, when
time, such as a false positive scan result or an intentional exploited, results in a negative impact to confidentiality,
part of the system's architecture. integrity, or availability. Mitigation of the vulnerabilities in
this context typically involves coding changes, but could
Fully Qualified Domain Name (FQDN) also include specification changes or even specification
deprecations (e.g., removal of affected protocols or
A fully qualified domain name is a complete domain name
functionality in their entirety).
for a specific website or service on the internet. This
includes not only the website or service name, but also the
Target
top-level domain name, such as .com, .org, .net, etc. For
example, 'www.example.com' is an FQDN. A target represents target is a single URL, IP address, or
fully qualified domain name (FQDN) that was scanned.
Network Vulnerabilities
Severity
The OpenVAS network vulnerability scan tests servers and
internet connected devices for over 150,000 Severity represents the estimated impact potential of a
vulnerabilities. OpenVAS uses the Common Vulnerability particular vulnerability. Severity is divided into 5
Scoring System (CVSS) to quantify the severity of categories: Critical, High, Medium, Low and Accepted.
findings. 0.0 is the lowest severity and 10.0 is the highest.
CVSS Score
The CVSS 3.0 score is a global standard for evaluating
vulnerabilities with a 0 to 10 scale. CVSS maps to threat
levels:
0.1 - 3.9 = Low
4.0 - 6.9 = Medium
7.0 - 8.9 = High
9.0 - 10.0 = Critical

hostedscan.com 14
 This report was prepared using

HostedScan Security ®
For more information, visit hostedscan.com

Founded in Seattle, Washington in 2019, HostedScan, LLC. is

dedicated to making continuous vulnerability scanning and risk
management much more easily accessible to more businesses.

HostedScan, LLC.

2212 Queen Anne Ave N

Suite #521 Terms & Policies
Seattle, WA 98109 hello@hostedscan.com

hostedscan.com 15