The remote VMware ESXi host is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.0 prior to 7.0 Update 3s, 8.0 Update 2 prior to 8.0 Update 2d, or 8.0 Update 3 prior to 8.0 Update 3d. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0004 advisory:

- VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. (CVE-2025-22224)

- VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. (CVE-2025-22225)

- VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. (CVE-2025-22226)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3s, 8.0 Update 2d, or 8.0 Update 3d or later.

High

9.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.1

0.5147

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

I

Published: 2025/05/27, Modified: 2025/06/02

ESXi version : VMware ESXi 8.0.2 build-23825572
Installed build : 23825572
Fixed build : 8.0U2d 24585300

VMware ESXi is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.x prior to 7.0 Update 3w, 8.x prior to 8.0 Update 2e, or 8.0 Update 3 prior to 8.0 Update 3f. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0013 advisory:

- VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. (CVE-2025-41236)

- VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. (CVE-2025-41237)

- VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. (CVE-2025-41238)

- VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. (CVE-2025-41239)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3w, 8.0 Update 2e, or 8.0 Update 3f or later.

High

9.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.1

0.0002

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

I

Published: 2025/07/16, Modified: 2025/07/25

ESXi version : 8.0.2
Installed build : 23825572
Fixed build : 8.0U2e 24789317

The SSH server running on the remote host is affected by a vulnerability.

The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory.

- This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. Systems that lack ASLR or users of downstream Linux distributions that have modified OpenSSH to disable per-connection ASLR re-randomisation (yes - this is a thing, no - we don't understand why) may potentially have an easier path to exploitation. OpenBSD is not vulnerable. We thank the Qualys Security Advisory Team for discovering, reporting and demonstrating exploitability of this problem, and for providing detailed feedback on additional mitigation measures. 2) Logic error in ssh(1) ObscureKeystrokeTiming In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an OpenSSH server version 9.5 or later, a logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective - a passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because both fake and real keystroke packets were being sent unconditionally. This bug was Daniel Hugenroth and Alastair Beresford of the University of Cambridge Computer Lab. Worse, the unconditional sending of both fake and real keystroke packets broke another long- standing timing attack mitigation. Since OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for traffic received on TTYs in echo-off mode, such as when entering a password into su(8) or sudo(8). This bug rendered these fake keystroke echoes ineffective and could allow a passive observer of a SSH session to once again detect when echo was off and obtain fairly limited timing information about keystrokes in this situation (20ms granularity by default). This additional implication of the bug was identified by Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford and we thank them for their detailed analysis.
This bug does not affect connections when ObscureKeystrokeTiming was disabled or sessions where no TTY was requested. (openssh-9.8-1)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 9.8 or later.

High

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.3 (CVSS:3.0/E:P/RL:O/RC:C)

9.0

0.5079

7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/07/01, Modified: 2025/03/11

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 9.8p1 / 9.8

The SSH server running on the remote host is affected by multiple vulnerabilities.

The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory.

- ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bumer, Marcus Brinkmann and Jrg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribition. (CVE-2023-48795)

- ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384)

- ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 9.6 or later.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

5.9 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.5777

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

5.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2023/12/22, Modified: 2025/02/28

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 9.6p1 / 9.6

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=172.17.100.232/E=vmca@vmware.com
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=172.17.100.232/E=vmca@vmware.com
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The VMware ESXi is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.0.x prior to 7.0 Update 3v or 8.0.x prior to 8.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0010 advisory.

- ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. (CVE-2025-41226)

- Workstation, Fusion and ESXi contain a denial-of-service vulnerability due to certain guest options. (CVE-2025-41227)

- VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. (CVE-2025-41228)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to ESXi 7.0 Update 3v, 8.0 Update 3e or later.

Medium

6.8 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

6.7

0.0003

5.5 (CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:C)

I

Published: 2025/05/26, Modified: 2025/08/12

ESXi version : 8.0
Installed build : 23825572
Fixed build : 8.0U3 24659227

The remote VMware ESXi host is affected by a out-of-bounds read vulnerability.

The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory:

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3q, 8.0 Update 3 or later.

Medium

6.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

5.9 (CVSS:3.0/E:U/RL:O/RC:C)

4.2

0.0005

5.6 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C)

4.1 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2024/06/28, Modified: 2025/03/06

ESXi version : VMware ESXi 8.0.2 build-23825572
Installed build : 23825572
Fixed build : 8.0U3 24022510

The SSH server running on the remote host is affected by a vulnerability.

The version of OpenSSH installed on the remote host is prior to 10.0. It is, therefore, affected by a vulnerability. In sshd in OpenSSH the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 10.0 or later.

Low

3.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)

2.4

0.0001

2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

I

Published: 2025/04/17, Modified: 2025/10/29

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 10.0

The SSH server running on the remote host is affected by multiple vulnerabilities.

The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities:

- ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984)

- ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 10.1/10.1p1 or later.

Low

3.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

4.0

0.0001

2.4 (CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:N)

II

Published: 2025/10/10, Modified: 2025/11/18

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 10.1 / 10.1.p1

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2025/09/29

The remote operating system matched the following CPE's :

cpe:/o:vmware:esxi:8.0 -> VMware ESXi
cpe:/o:vmware:esxi:8.0.2 -> VMware ESXi

Following application CPE's matched on the remote system :

cpe:/a:openbsd:openssh:9.0 -> OpenBSD OpenSSH
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:vmware:open_vm_tools:12.3.5 -> VMware Open VM Tools
cpe:/a:vmware:vmware_server

This plugin gathers the logs written by other plugins and reports them.

Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.

n/a

None

Published: 2015/06/17, Modified: 2025/07/14

Plugin debug log(s) have been attached.

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2025/03/12

Remote device type : hypervisor
Confidence level : 99

Enumerates the PATH variable of the current scan user.

Enumerates the PATH variables of the current scan user.

Ensure that directories listed here are in line with corporate policy.

None

Published: 2022/12/21, Modified: 2025/12/18

Nessus has enumerated the path of the current scan user :

/bin
/sbin

The remote web server is not enforcing HSTS.

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Configure the remote web server to use HSTS.

None

Published: 2015/07/02, Modified: 2024/08/09

HTTP/1.1 404 Not Found

Access-Control-Allow-Headers: accept, content-type, authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Fri, 23 Jan 2026 14:45:47 GMT
Content-Length: 19
Connection: close


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

The remote web server is not enforcing HSTS.

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Configure the remote web server to use HSTS.

None

Published: 2015/07/02, Modified: 2024/08/09

HTTP/1.1 200 OK

Server:
X-Frame-Options: SAMEORIGIN
Content-Type: text/xml
Content-Length: 0
Connection: close


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

An HTTP/2 server is listening on the remote host.

The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).

Limit incoming traffic to this port if desired.

None

Published: 2015/09/04, Modified: 2022/04/11

The server supports direct HTTP/2 connections
without encryption.

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: Yes
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

location: https://172.17.100.232:443/
date: Fri, 23 Jan 2026 15:02:01 GMT
content-length: 0

Response Body :

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: Yes
HTTP/2 Cleartext Support: Yes
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

date: Fri, 23 Jan 2026 15:01:59 GMT
content-security-policy: upgrade-insecure-requests
content-type: text/html
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1
content-length: 258
x-envoy-upstream-service-time: 0

Response Body :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf8">
<meta http-equiv="refresh" content="0;URL='/ui'"/>
</head>
</html>

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: Yes
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Access-Control-Allow-Headers: accept, content-type, authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Fri, 23 Jan 2026 15:02:01 GMT
Content-Length: 19

Response Body :

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server:
X-Frame-Options: SAMEORIGIN
Content-Type: text/xml
Content-Length: 0
Connection: close

Response Body :

Nessus was able to enumerate local users and groups on the remote Linux host.

Using the supplied credentials, Nessus was able to enumerate the local users and groups on the remote Linux host.

None

None

Published: 2016/12/19, Modified: 2025/03/26

User : root
Home folder : /
Start script : /bin/sh
Groups : root

User : dcui
Home folder : /
Start script : /bin/sh
Groups : users

User : vpxuser
Home folder : /
Start script : /bin/sh
Groups : users

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 22/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 80/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 443/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 902/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 2379/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 2380/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 8000/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 8182/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 8300/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2025/07/14

Port 9080/tcp was found to be open

This plugin displays information about the Nessus scan.

This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.

n/a

None

Published: 2005/08/26, Modified: 2025/10/29

Information about this scan :

Nessus version : 10.11.1
Nessus build : 20021
Plugin feed version : 202601041845
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : linux 2
Scan policy used : linux
Scanner IP : 172.17.100.38
Port scanner(s) : nessus_tcp_scanner
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : yes (at debugging level 4)
Paranoia level : 0
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'root' via ssh
Attempt Least Privilege : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 1
Max checks : 1
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/1/23 19:09 India Standard Time (UTC +05:30)
Scan duration : 6265 sec
Scan for malware : no

Active connections are enumerated via the 'netstat' command.

This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.

n/a

None

Published: 2012/04/10, Modified: 2021/06/29

Netstat output :
-sh: netstat: not found

Multiple OS fingerprints were detected.

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of fingerprints detected are reported here.

n/a

None

Published: 2025/02/26, Modified: 2025/03/03

Following OS Fingerprints were found

Remote operating system : VMware ESXi 8.0.2 build-23825572
Confidence level : 98
Method : Misc
Type : hypervisor
Fingerprint : unknown

Remote operating system : VMware ESXi 8.0.2 build-23825572
Confidence level : 99
Method : uname
Type : hypervisor
Fingerprint : uname:VMkernel HOST01-232 8.0.2 #1 SMP Release build-23825572 May 8 2024 02:35:14 x86_64 x86_64 x86_64 ESXi


Following fingerprints could not be used to determine OS :
SSH:!:SSH-2.0-OpenSSH_9.0
HTTP:!:Server:

SSLcert:!:i/CN:CAi/O:vcsa.lkpvm.comi/OU:VMware Engineerings/CN:172.17.100.232s/O:VMwares/OU:VMware Engineering
85ba93c39d0aec142335bcd87330afe6bc756dce
i/CN:CAi/O:vcsa.lkpvm.comi/OU:VMware Engineerings/CN:172.17.100.232s/O:VMwares/OU:VMware Engineering
85ba93c39d0aec142335bcd87330afe6bc756dce

It is possible to guess the remote operating system.

Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.

n/a

None

Published: 2003/12/09, Modified: 2025/06/03

Remote operating system : VMware ESXi 8.0.2 build-23825572
Confidence level : 99
Method : uname


The remote host is running VMware ESXi 8.0.2 build-23825572

Information about the remote host can be disclosed via an authenticated session.

Nessus was able to login to the remote host using SSH or local commands and extract the list of installed packages.

n/a

None

Published: 2017/05/30, Modified: 2025/02/11

It was possible to log into the remote host via SSH using 'keyboard-interactive' authentication.

Local checks have been enabled for this VMware ESXi host.
OS Security Patch Assessment is available for VMware ESXi, version 8.0.
Runtime : 4.267596 seconds

Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.

Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.

n/a

None

Published: 2018/10/02, Modified: 2021/07/12

OS Security Patch Assessment is available.

Account : root
Protocol : SSH

An OpenSSH-based SSH server was detected on the remote host.

An OpenSSH-based SSH server was detected on the remote host.

n/a

None

Published: 2023/09/14, Modified: 2025/12/15

Service : ssh
Version : 9.0
Banner : SSH-2.0-OpenSSH_9.0

The remote host is missing several patches.

The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.

Install the patches listed below.

None

Published: 2013/07/08, Modified: 2025/12/15

. You need to take the following action :

[ OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities (269984) ]

+ Action to take : Upgrade to OpenSSH version 10.1/10.1p1 or later.

+ Impact : Taking this action will resolve the following 6 different vulnerabilities :
CVE-2025-32728, CVE-2024-6387, CVE-2024-39894, CVE-2023-51385, CVE-2023-51384
CVE-2023-48795

Reports remote services that do not offer post-quantum ciphers.

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.

n/a

None

Published: 2025/12/08, Modified: 2025/12/08

The target SSH server offers no post-quantum ciphers.

Reports remote services that do not offer post-quantum ciphers.

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.

n/a

None

Published: 2025/12/08, Modified: 2025/12/08

The target TLS server offers no post-quantum ciphers.

Reports remote services that do not offer post-quantum ciphers.

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.

n/a

None

Published: 2025/12/08, Modified: 2025/12/08

The target TLS server offers no post-quantum ciphers.

Reports remote services that do not offer post-quantum ciphers.

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.

n/a

None

Published: 2025/12/08, Modified: 2025/12/08

The target TLS server offers no post-quantum ciphers.

Reports remote services that do not offer post-quantum ciphers.

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.

n/a

None

Published: 2025/12/08, Modified: 2025/12/08

The target TLS server offers no post-quantum ciphers.

An SSH server is listening on this port.

This script detects which algorithms and languages are supported by the remote service for encrypting communications.

n/a

None

Published: 2013/10/28, Modified: 2025/12/08

Nessus negotiated the following encryption algorithm(s) with the server :

Client to Server: aes256-ctr
Server to Client: aes256-ctr

The server supports the following options for compression_algorithms_server_to_client :

none

The server supports the following options for mac_algorithms_client_to_server :

hmac-sha2-256
hmac-sha2-512

The server supports the following options for server_host_key_algorithms :

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512

The server supports the following options for encryption_algorithms_client_to_server :

aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com

The server supports the following options for mac_algorithms_server_to_client :

hmac-sha2-256
hmac-sha2-512

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

The server supports the following options for compression_algorithms_client_to_server :

none

The server supports the following options for encryption_algorithms_server_to_client :

aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com

If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a machine readable format.

If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a machine readable format.
This log file resides on the scanner host itself.

n/a

None

Published: 2017/05/12, Modified: 2022/11/21

Combined log file location :

C:\ProgramData\Tenable\Nessus\nessus\tmp\ssh_commands-6f4d5848-86e9-4920-813a-202179f8dc9d.log

If the 'Always report SSH commands' advanced preference is selected in the scan policy, this plugin will report all commands run over SSH on the host in a machine readable format.

If the 'Always report SSH commands' advanced preference is selected in the scan policy, this plugin will report all commands run over SSH on the host in a machine readable format.

n/a

None

Published: 2022/11/21, Modified: 2022/11/21

The SSH commands run on this host have been attached:

A SSH server is running on the remote host.

This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

n/a

None

Published: 2002/03/06, Modified: 2024/07/24

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

The remote host supports the SCP protocol over SSH.

The remote host supports the Secure Copy (SCP) protocol over SSH.

n/a

None

Published: 2016/04/26, Modified: 2024/07/24

An SSH server is listening on this port.

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

n/a

None

Published: 1999/10/12, Modified: 2024/07/24

SSH version : SSH-2.0-OpenSSH_9.0
SSH supported authentication : publickey,keyboard-interactive

The remote service encrypts communications.

This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.

n/a

None

Published: 2011/12/01, Modified: 2025/06/16

This port supports TLSv1.2.

The remote service encrypts communications.

This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.

n/a

None

Published: 2011/12/01, Modified: 2025/06/16

This port supports TLSv1.2.

The remote service encrypts communications.

This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.

n/a

None

Published: 2011/12/01, Modified: 2025/06/16

This port supports TLSv1.3/TLSv1.2.

The remote service encrypts communications.

This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.

n/a

None

Published: 2011/12/01, Modified: 2025/06/16

This port supports TLSv1.3/TLSv1.2.

This plugin displays the SSL certificate.

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

n/a

None

Published: 2008/05/19, Modified: 2021/02/03

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware
Organization Unit: VMware Engineering
Common Name: 172.17.100.232
Email Address: vmca@vmware.com

Issuer Name:

Common Name: CA
Domain Component: vsphere
Domain Component: local
Country: US
State/Province: California
Organization: vcsa.lkpvm.com
Organization Unit: VMware Engineering

Serial Number: 00 D8 B7 81 86 7F DA 82 3F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 26 02:56:45 2025 GMT
Not Valid After: Jan 26 02:56:45 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 84 C0 FA 42 10 0C 3B 8A 9C 4F AB 96 21 C1 43 17 33 F0
37 C8 9E C0 3B 53 C4 FC 46 F0 E3 59 BD 39 90 56 BA 2A F4 4C
A8 DD E6 69 8E B0 8E ED 97 95 93 5F A2 28 8B 11 70 F9 2D 43
03 21 8A A1 BE 4F 3A 89 33 00 44 28 66 22 9F ED 3A 70 89 C2
4B B4 EB 0C 7D C5 23 C6 11 F5 FC D3 98 FC 00 3C 2A 98 A8 01
58 6E 98 9F B4 2D 7C 71 2F 66 F1 E5 85 39 2E 92 4B 3E 52 A7
3E 80 2A 7D 1B 37 CE A9 A5 DE 4B CD ED A0 25 B0 33 58 C1 43
F8 AC D4 3D 96 4F F2 5E 68 B0 02 57 63 54 54 12 17 CA A6 8E
A2 0A 04 8D 90 28 4C 04 EA AC 1A 02 3F 0A D0 36 71 9A AD C9
ED 01 9E 1B 02 BB C4 6D 24 2A 5F C0 B9 C5 81 B4 8E 59 3C 61
8B 0A EB 13 28 7B 98 9D 53 1B 58 9F 19 18 E0 B2 1D 96 B2 02
FA 8C 02 9D 1F FA 5C 83 57 0F C7 43 68 A1 3C E8 8F E8 B2 70
93 21 07 52 A9 2D 98 7B 7D 63 2C 08 32 6D E1 EC EB
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits
Signature: 00 4E 03 BF 51 3C 5E 58 7E F9 7A A7 C5 C1 18 74 24 58 9C 97
3A C4 9D 68 34 DD 6E D8 71 3E 5B 5E 53 B6 90 EA 0E 1E 5B 8F
4C 31 85 6C 87 81 C5 9F 8B 9D 01 41 FF D8 74 8D B6 3E A5 4F
42 52 56 E3 0E F1 D3 24 CE 63 B8 4C F4 92 75 1D 41 BD 23 C3
D5 7A 05 53 E6 BC EC 25 27 A8 AE 58 42 E4 E3 AB 47 8B 7A A0
A4 70 5A 26 01 66 E8 4E 05 90 C9 6C 2F 45 0A A6 A2 AC AF 5F
11 F3 51 01 04 31 6F B1 D7 3F F9 9C 6B 9F A7 AB A4 D4 35 F9
BE BA AA 64 2C 58 6E 5B 52 25 E9 9D 27 7D 4F BC F9 F8 AE B0
99 7D F7 5D 42 AA E6 49 99 0E 5C 07 B8 AD 37 05 3B 83 B2 05
7D 38 5C BB AE 87 D4 C4 85 12 90 A2 67 B4 9F 88 8F E6 C1 B8
56 77 C8 1E 80 22 CF 4B 72 CC 85 D4 D9 31 2A AB 74 C8 CE 49
45 F1 09 EE D7 1F 45 CE 36 82 1B 5B 3C 45 C0 CB 50 0B 0F 83
5E AE 9C D4 D0 A8 66 A2 89 BE 52 9B 2A 5F EF DF A4 21 AC E6
01 27 AE 81 DF CE 32 83 42 46 20 D8 24 D1 A3 20 5B BB 86 3C
A2 7D 82 D5 8D F2 13 E1 D3 74 4F F8 FC 69 86 DA 7A FB A9 A9
3B A7 56 C0 79 0F 7E 37 60 B5 8E 8A F2 E7 58 4B 61 D6 D2 38
29 F6 1E 7C 6E AF 94 AD 48 EF 9D 02 4A F7 0F 78 CD 73 0B 2B
14 23 59 DE 03 3A 76 6F BD C2 62 DB 51 ED 78 A7 7C 50 11 3D
A0 CD 4E 13 7C 58 D5 D3 25 9A 10 1E 48 BF 3C 1F E8 6E ED 2F
63 95 CB 10 FC

Extension: Subject Alternative Name(2.5.29.17)
Critical: 0


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: CE C3 1F 48 D2 F0 80 A9 65 AA D7 52 D0 E7 2C 8B CD 06 AE 3B


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: https://vcsa.lkpvm.com/afd/vecs/ca


Fingerprints :

SHA-256 Fingerprint: EF 58 E2 FE 9A 9B 2D 69 38 00 D5 D3 29 28 5A 56 84 3F 83 EB
FD F7 45 CE 69 DD 03 F2 4E A1 3A EF
SHA-1 Fingerprint: 85 BA 93 C3 9D 0A EC 14 23 35 BC D8 73 30 AF E6 BC 75 6D CE
MD5 Fingerprint: 09 C0 70 A2 3A 4C B9 DD 93 29 8F 64 72 23 1D 51


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIEqzCCAxOgAwIBAgIJANi3gYZ/2oI/MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAoMDnZjc2EubGtwdm0uY29tMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjUwMTI2MDI1NjQ1WhcNMzAwMTI2MDI1NjQ1WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEPMA0GA1UECgwGVk13YXJlMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcxFzAVBgNVBAMMDjE3Mi4xNy4xMDAuMjMyMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/hMD6QhAMO4qcT6uWIcFDFzPwN8iewDtTxPxG8ONZvTmQVroq9Eyo3eZpjrCO7ZeVk1+iKIsRcPktQwMhiqG+TzqJMwBEKGYin+06cInCS7TrDH3FI8YR9fzTmPwAPCqYqAFYbpiftC18cS9m8eWFOS6SSz5Spz6AKn0bN86ppd5Lze2gJbAzWMFD+KzUPZZP8l5osAJXY1RUEhfKpo6iCgSNkChMBOqsGgI/CtA2cZqtye0BnhsCu8RtJCpfwLnFgbSOWTxhiwrrEyh7mJ1TG1ifGRjgsh2WsgL6jAKdH/pcg1cPx0NooTzoj+iycJMhB1KpLZh7fWMsCDJt4ezrAgMBAAGjdDByMA8GA1UdEQQIMAaHBKwRZOgwHwYDVR0jBBgwFoAUzsMfSNLwgKllqtdS0Ocsi80GrjswPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL3Zjc2EubGtwdm0uY29tL2FmZC92ZWNzL2NhMA0GCSqGSIb3DQEBCwUAA4IBgQBOA79RPF5Yfvl6p8XBGHQkWJyXOsSdaDTdbthxPlteU7aQ6g4eW49MMYVsh4HFn4udAUH/2HSNtj6lT0JSVuMO8dMkzmO4TPSSdR1BvSPD1XoFU+a87CUnqK5YQuTjq0eLeqCkcFomAWboTgWQyWwvRQqmoqyvXxHzUQEEMW+x1z/5nGufp6uk1DX5vrqqZCxYbltSJemdJ31PvPn4rrCZffddQqrmSZkOXAe4rTcFO4OyBX04XLuuh9TEhRKQome0n4iP5sG4VnfIHoAiz0tyzIXU2TEqq3TIzklF8Qnu1x9FzjaCG1s8RcDLUAsPg16unNTQqGaiib5Smypf79+kIazmASeugd/OMoNCRiDYJNGjIFu7hjyifYLVjfIT4dN0T/j8aYbaevupqTunVsB5D343YLWOivLnWEth1tI4KfYefG6vlK1I750CSvcPeM1zCysUI1neAzp2b73CYttR7XinfFARPaDNThN8WNXTJZoQHki/PB/obu0vY5XLEPw=
-----END CERTIFICATE-----

This plugin displays the SSL certificate.

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

n/a

None

Published: 2008/05/19, Modified: 2021/02/03

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware
Organization Unit: VMware Engineering
Common Name: 172.17.100.232
Email Address: vmca@vmware.com

Issuer Name:

Common Name: CA
Domain Component: vsphere
Domain Component: local
Country: US
State/Province: California
Organization: vcsa.lkpvm.com
Organization Unit: VMware Engineering

Serial Number: 00 D8 B7 81 86 7F DA 82 3F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 26 02:56:45 2025 GMT
Not Valid After: Jan 26 02:56:45 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 84 C0 FA 42 10 0C 3B 8A 9C 4F AB 96 21 C1 43 17 33 F0
37 C8 9E C0 3B 53 C4 FC 46 F0 E3 59 BD 39 90 56 BA 2A F4 4C
A8 DD E6 69 8E B0 8E ED 97 95 93 5F A2 28 8B 11 70 F9 2D 43
03 21 8A A1 BE 4F 3A 89 33 00 44 28 66 22 9F ED 3A 70 89 C2
4B B4 EB 0C 7D C5 23 C6 11 F5 FC D3 98 FC 00 3C 2A 98 A8 01
58 6E 98 9F B4 2D 7C 71 2F 66 F1 E5 85 39 2E 92 4B 3E 52 A7
3E 80 2A 7D 1B 37 CE A9 A5 DE 4B CD ED A0 25 B0 33 58 C1 43
F8 AC D4 3D 96 4F F2 5E 68 B0 02 57 63 54 54 12 17 CA A6 8E
A2 0A 04 8D 90 28 4C 04 EA AC 1A 02 3F 0A D0 36 71 9A AD C9
ED 01 9E 1B 02 BB C4 6D 24 2A 5F C0 B9 C5 81 B4 8E 59 3C 61
8B 0A EB 13 28 7B 98 9D 53 1B 58 9F 19 18 E0 B2 1D 96 B2 02
FA 8C 02 9D 1F FA 5C 83 57 0F C7 43 68 A1 3C E8 8F E8 B2 70
93 21 07 52 A9 2D 98 7B 7D 63 2C 08 32 6D E1 EC EB
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits
Signature: 00 4E 03 BF 51 3C 5E 58 7E F9 7A A7 C5 C1 18 74 24 58 9C 97
3A C4 9D 68 34 DD 6E D8 71 3E 5B 5E 53 B6 90 EA 0E 1E 5B 8F
4C 31 85 6C 87 81 C5 9F 8B 9D 01 41 FF D8 74 8D B6 3E A5 4F
42 52 56 E3 0E F1 D3 24 CE 63 B8 4C F4 92 75 1D 41 BD 23 C3
D5 7A 05 53 E6 BC EC 25 27 A8 AE 58 42 E4 E3 AB 47 8B 7A A0
A4 70 5A 26 01 66 E8 4E 05 90 C9 6C 2F 45 0A A6 A2 AC AF 5F
11 F3 51 01 04 31 6F B1 D7 3F F9 9C 6B 9F A7 AB A4 D4 35 F9
BE BA AA 64 2C 58 6E 5B 52 25 E9 9D 27 7D 4F BC F9 F8 AE B0
99 7D F7 5D 42 AA E6 49 99 0E 5C 07 B8 AD 37 05 3B 83 B2 05
7D 38 5C BB AE 87 D4 C4 85 12 90 A2 67 B4 9F 88 8F E6 C1 B8
56 77 C8 1E 80 22 CF 4B 72 CC 85 D4 D9 31 2A AB 74 C8 CE 49
45 F1 09 EE D7 1F 45 CE 36 82 1B 5B 3C 45 C0 CB 50 0B 0F 83
5E AE 9C D4 D0 A8 66 A2 89 BE 52 9B 2A 5F EF DF A4 21 AC E6
01 27 AE 81 DF CE 32 83 42 46 20 D8 24 D1 A3 20 5B BB 86 3C
A2 7D 82 D5 8D F2 13 E1 D3 74 4F F8 FC 69 86 DA 7A FB A9 A9
3B A7 56 C0 79 0F 7E 37 60 B5 8E 8A F2 E7 58 4B 61 D6 D2 38
29 F6 1E 7C 6E AF 94 AD 48 EF 9D 02 4A F7 0F 78 CD 73 0B 2B
14 23 59 DE 03 3A 76 6F BD C2 62 DB 51 ED 78 A7 7C 50 11 3D
A0 CD 4E 13 7C 58 D5 D3 25 9A 10 1E 48 BF 3C 1F E8 6E ED 2F
63 95 CB 10 FC

Extension: Subject Alternative Name(2.5.29.17)
Critical: 0


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: CE C3 1F 48 D2 F0 80 A9 65 AA D7 52 D0 E7 2C 8B CD 06 AE 3B


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: https://vcsa.lkpvm.com/afd/vecs/ca


Fingerprints :

SHA-256 Fingerprint: EF 58 E2 FE 9A 9B 2D 69 38 00 D5 D3 29 28 5A 56 84 3F 83 EB
FD F7 45 CE 69 DD 03 F2 4E A1 3A EF
SHA-1 Fingerprint: 85 BA 93 C3 9D 0A EC 14 23 35 BC D8 73 30 AF E6 BC 75 6D CE
MD5 Fingerprint: 09 C0 70 A2 3A 4C B9 DD 93 29 8F 64 72 23 1D 51


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIEqzCCAxOgAwIBAgIJANi3gYZ/2oI/MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAoMDnZjc2EubGtwdm0uY29tMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjUwMTI2MDI1NjQ1WhcNMzAwMTI2MDI1NjQ1WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEPMA0GA1UECgwGVk13YXJlMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcxFzAVBgNVBAMMDjE3Mi4xNy4xMDAuMjMyMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/hMD6QhAMO4qcT6uWIcFDFzPwN8iewDtTxPxG8ONZvTmQVroq9Eyo3eZpjrCO7ZeVk1+iKIsRcPktQwMhiqG+TzqJMwBEKGYin+06cInCS7TrDH3FI8YR9fzTmPwAPCqYqAFYbpiftC18cS9m8eWFOS6SSz5Spz6AKn0bN86ppd5Lze2gJbAzWMFD+KzUPZZP8l5osAJXY1RUEhfKpo6iCgSNkChMBOqsGgI/CtA2cZqtye0BnhsCu8RtJCpfwLnFgbSOWTxhiwrrEyh7mJ1TG1ifGRjgsh2WsgL6jAKdH/pcg1cPx0NooTzoj+iycJMhB1KpLZh7fWMsCDJt4ezrAgMBAAGjdDByMA8GA1UdEQQIMAaHBKwRZOgwHwYDVR0jBBgwFoAUzsMfSNLwgKllqtdS0Ocsi80GrjswPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL3Zjc2EubGtwdm0uY29tL2FmZC92ZWNzL2NhMA0GCSqGSIb3DQEBCwUAA4IBgQBOA79RPF5Yfvl6p8XBGHQkWJyXOsSdaDTdbthxPlteU7aQ6g4eW49MMYVsh4HFn4udAUH/2HSNtj6lT0JSVuMO8dMkzmO4TPSSdR1BvSPD1XoFU+a87CUnqK5YQuTjq0eLeqCkcFomAWboTgWQyWwvRQqmoqyvXxHzUQEEMW+x1z/5nGufp6uk1DX5vrqqZCxYbltSJemdJ31PvPn4rrCZffddQqrmSZkOXAe4rTcFO4OyBX04XLuuh9TEhRKQome0n4iP5sG4VnfIHoAiz0tyzIXU2TEqq3TIzklF8Qnu1x9FzjaCG1s8RcDLUAsPg16unNTQqGaiib5Smypf79+kIazmASeugd/OMoNCRiDYJNGjIFu7hjyifYLVjfIT4dN0T/j8aYbaevupqTunVsB5D343YLWOivLnWEth1tI4KfYefG6vlK1I750CSvcPeM1zCysUI1neAzp2b73CYttR7XinfFARPaDNThN8WNXTJZoQHki/PB/obu0vY5XLEPw=
-----END CERTIFICATE-----

This plugin displays the SSL certificate.

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

n/a

None

Published: 2008/05/19, Modified: 2021/02/03

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware
Organization Unit: VMware Engineering
Common Name: 172.17.100.232
Email Address: vmca@vmware.com

Issuer Name:

Common Name: CA
Domain Component: vsphere
Domain Component: local
Country: US
State/Province: California
Organization: vcsa.lkpvm.com
Organization Unit: VMware Engineering

Serial Number: 00 D8 B7 81 86 7F DA 82 3F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 26 02:56:45 2025 GMT
Not Valid After: Jan 26 02:56:45 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 84 C0 FA 42 10 0C 3B 8A 9C 4F AB 96 21 C1 43 17 33 F0
37 C8 9E C0 3B 53 C4 FC 46 F0 E3 59 BD 39 90 56 BA 2A F4 4C
A8 DD E6 69 8E B0 8E ED 97 95 93 5F A2 28 8B 11 70 F9 2D 43
03 21 8A A1 BE 4F 3A 89 33 00 44 28 66 22 9F ED 3A 70 89 C2
4B B4 EB 0C 7D C5 23 C6 11 F5 FC D3 98 FC 00 3C 2A 98 A8 01
58 6E 98 9F B4 2D 7C 71 2F 66 F1 E5 85 39 2E 92 4B 3E 52 A7
3E 80 2A 7D 1B 37 CE A9 A5 DE 4B CD ED A0 25 B0 33 58 C1 43
F8 AC D4 3D 96 4F F2 5E 68 B0 02 57 63 54 54 12 17 CA A6 8E
A2 0A 04 8D 90 28 4C 04 EA AC 1A 02 3F 0A D0 36 71 9A AD C9
ED 01 9E 1B 02 BB C4 6D 24 2A 5F C0 B9 C5 81 B4 8E 59 3C 61
8B 0A EB 13 28 7B 98 9D 53 1B 58 9F 19 18 E0 B2 1D 96 B2 02
FA 8C 02 9D 1F FA 5C 83 57 0F C7 43 68 A1 3C E8 8F E8 B2 70
93 21 07 52 A9 2D 98 7B 7D 63 2C 08 32 6D E1 EC EB
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits
Signature: 00 4E 03 BF 51 3C 5E 58 7E F9 7A A7 C5 C1 18 74 24 58 9C 97
3A C4 9D 68 34 DD 6E D8 71 3E 5B 5E 53 B6 90 EA 0E 1E 5B 8F
4C 31 85 6C 87 81 C5 9F 8B 9D 01 41 FF D8 74 8D B6 3E A5 4F
42 52 56 E3 0E F1 D3 24 CE 63 B8 4C F4 92 75 1D 41 BD 23 C3
D5 7A 05 53 E6 BC EC 25 27 A8 AE 58 42 E4 E3 AB 47 8B 7A A0
A4 70 5A 26 01 66 E8 4E 05 90 C9 6C 2F 45 0A A6 A2 AC AF 5F
11 F3 51 01 04 31 6F B1 D7 3F F9 9C 6B 9F A7 AB A4 D4 35 F9
BE BA AA 64 2C 58 6E 5B 52 25 E9 9D 27 7D 4F BC F9 F8 AE B0
99 7D F7 5D 42 AA E6 49 99 0E 5C 07 B8 AD 37 05 3B 83 B2 05
7D 38 5C BB AE 87 D4 C4 85 12 90 A2 67 B4 9F 88 8F E6 C1 B8
56 77 C8 1E 80 22 CF 4B 72 CC 85 D4 D9 31 2A AB 74 C8 CE 49
45 F1 09 EE D7 1F 45 CE 36 82 1B 5B 3C 45 C0 CB 50 0B 0F 83
5E AE 9C D4 D0 A8 66 A2 89 BE 52 9B 2A 5F EF DF A4 21 AC E6
01 27 AE 81 DF CE 32 83 42 46 20 D8 24 D1 A3 20 5B BB 86 3C
A2 7D 82 D5 8D F2 13 E1 D3 74 4F F8 FC 69 86 DA 7A FB A9 A9
3B A7 56 C0 79 0F 7E 37 60 B5 8E 8A F2 E7 58 4B 61 D6 D2 38
29 F6 1E 7C 6E AF 94 AD 48 EF 9D 02 4A F7 0F 78 CD 73 0B 2B
14 23 59 DE 03 3A 76 6F BD C2 62 DB 51 ED 78 A7 7C 50 11 3D
A0 CD 4E 13 7C 58 D5 D3 25 9A 10 1E 48 BF 3C 1F E8 6E ED 2F
63 95 CB 10 FC

Extension: Subject Alternative Name(2.5.29.17)
Critical: 0


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: CE C3 1F 48 D2 F0 80 A9 65 AA D7 52 D0 E7 2C 8B CD 06 AE 3B


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: https://vcsa.lkpvm.com/afd/vecs/ca


Fingerprints :

SHA-256 Fingerprint: EF 58 E2 FE 9A 9B 2D 69 38 00 D5 D3 29 28 5A 56 84 3F 83 EB
FD F7 45 CE 69 DD 03 F2 4E A1 3A EF
SHA-1 Fingerprint: 85 BA 93 C3 9D 0A EC 14 23 35 BC D8 73 30 AF E6 BC 75 6D CE
MD5 Fingerprint: 09 C0 70 A2 3A 4C B9 DD 93 29 8F 64 72 23 1D 51


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIEqzCCAxOgAwIBAgIJANi3gYZ/2oI/MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAoMDnZjc2EubGtwdm0uY29tMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjUwMTI2MDI1NjQ1WhcNMzAwMTI2MDI1NjQ1WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEPMA0GA1UECgwGVk13YXJlMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcxFzAVBgNVBAMMDjE3Mi4xNy4xMDAuMjMyMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/hMD6QhAMO4qcT6uWIcFDFzPwN8iewDtTxPxG8ONZvTmQVroq9Eyo3eZpjrCO7ZeVk1+iKIsRcPktQwMhiqG+TzqJMwBEKGYin+06cInCS7TrDH3FI8YR9fzTmPwAPCqYqAFYbpiftC18cS9m8eWFOS6SSz5Spz6AKn0bN86ppd5Lze2gJbAzWMFD+KzUPZZP8l5osAJXY1RUEhfKpo6iCgSNkChMBOqsGgI/CtA2cZqtye0BnhsCu8RtJCpfwLnFgbSOWTxhiwrrEyh7mJ1TG1ifGRjgsh2WsgL6jAKdH/pcg1cPx0NooTzoj+iycJMhB1KpLZh7fWMsCDJt4ezrAgMBAAGjdDByMA8GA1UdEQQIMAaHBKwRZOgwHwYDVR0jBBgwFoAUzsMfSNLwgKllqtdS0Ocsi80GrjswPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL3Zjc2EubGtwdm0uY29tL2FmZC92ZWNzL2NhMA0GCSqGSIb3DQEBCwUAA4IBgQBOA79RPF5Yfvl6p8XBGHQkWJyXOsSdaDTdbthxPlteU7aQ6g4eW49MMYVsh4HFn4udAUH/2HSNtj6lT0JSVuMO8dMkzmO4TPSSdR1BvSPD1XoFU+a87CUnqK5YQuTjq0eLeqCkcFomAWboTgWQyWwvRQqmoqyvXxHzUQEEMW+x1z/5nGufp6uk1DX5vrqqZCxYbltSJemdJ31PvPn4rrCZffddQqrmSZkOXAe4rTcFO4OyBX04XLuuh9TEhRKQome0n4iP5sG4VnfIHoAiz0tyzIXU2TEqq3TIzklF8Qnu1x9FzjaCG1s8RcDLUAsPg16unNTQqGaiib5Smypf79+kIazmASeugd/OMoNCRiDYJNGjIFu7hjyifYLVjfIT4dN0T/j8aYbaevupqTunVsB5D343YLWOivLnWEth1tI4KfYefG6vlK1I750CSvcPeM1zCysUI1neAzp2b73CYttR7XinfFARPaDNThN8WNXTJZoQHki/PB/obu0vY5XLEPw=
-----END CERTIFICATE-----

This plugin displays the SSL certificate.

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

n/a

None

Published: 2008/05/19, Modified: 2021/02/03

Subject Name:

Country: US
State/Province: California
Locality: Palo Alto
Organization: VMware
Organization Unit: VMware Engineering
Common Name: 172.17.100.232
Email Address: vmca@vmware.com

Issuer Name:

Common Name: CA
Domain Component: vsphere
Domain Component: local
Country: US
State/Province: California
Organization: vcsa.lkpvm.com
Organization Unit: VMware Engineering

Serial Number: 00 D8 B7 81 86 7F DA 82 3F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 26 02:56:45 2025 GMT
Not Valid After: Jan 26 02:56:45 2030 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF 84 C0 FA 42 10 0C 3B 8A 9C 4F AB 96 21 C1 43 17 33 F0
37 C8 9E C0 3B 53 C4 FC 46 F0 E3 59 BD 39 90 56 BA 2A F4 4C
A8 DD E6 69 8E B0 8E ED 97 95 93 5F A2 28 8B 11 70 F9 2D 43
03 21 8A A1 BE 4F 3A 89 33 00 44 28 66 22 9F ED 3A 70 89 C2
4B B4 EB 0C 7D C5 23 C6 11 F5 FC D3 98 FC 00 3C 2A 98 A8 01
58 6E 98 9F B4 2D 7C 71 2F 66 F1 E5 85 39 2E 92 4B 3E 52 A7
3E 80 2A 7D 1B 37 CE A9 A5 DE 4B CD ED A0 25 B0 33 58 C1 43
F8 AC D4 3D 96 4F F2 5E 68 B0 02 57 63 54 54 12 17 CA A6 8E
A2 0A 04 8D 90 28 4C 04 EA AC 1A 02 3F 0A D0 36 71 9A AD C9
ED 01 9E 1B 02 BB C4 6D 24 2A 5F C0 B9 C5 81 B4 8E 59 3C 61
8B 0A EB 13 28 7B 98 9D 53 1B 58 9F 19 18 E0 B2 1D 96 B2 02
FA 8C 02 9D 1F FA 5C 83 57 0F C7 43 68 A1 3C E8 8F E8 B2 70
93 21 07 52 A9 2D 98 7B 7D 63 2C 08 32 6D E1 EC EB
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits
Signature: 00 4E 03 BF 51 3C 5E 58 7E F9 7A A7 C5 C1 18 74 24 58 9C 97
3A C4 9D 68 34 DD 6E D8 71 3E 5B 5E 53 B6 90 EA 0E 1E 5B 8F
4C 31 85 6C 87 81 C5 9F 8B 9D 01 41 FF D8 74 8D B6 3E A5 4F
42 52 56 E3 0E F1 D3 24 CE 63 B8 4C F4 92 75 1D 41 BD 23 C3
D5 7A 05 53 E6 BC EC 25 27 A8 AE 58 42 E4 E3 AB 47 8B 7A A0
A4 70 5A 26 01 66 E8 4E 05 90 C9 6C 2F 45 0A A6 A2 AC AF 5F
11 F3 51 01 04 31 6F B1 D7 3F F9 9C 6B 9F A7 AB A4 D4 35 F9
BE BA AA 64 2C 58 6E 5B 52 25 E9 9D 27 7D 4F BC F9 F8 AE B0
99 7D F7 5D 42 AA E6 49 99 0E 5C 07 B8 AD 37 05 3B 83 B2 05
7D 38 5C BB AE 87 D4 C4 85 12 90 A2 67 B4 9F 88 8F E6 C1 B8
56 77 C8 1E 80 22 CF 4B 72 CC 85 D4 D9 31 2A AB 74 C8 CE 49
45 F1 09 EE D7 1F 45 CE 36 82 1B 5B 3C 45 C0 CB 50 0B 0F 83
5E AE 9C D4 D0 A8 66 A2 89 BE 52 9B 2A 5F EF DF A4 21 AC E6
01 27 AE 81 DF CE 32 83 42 46 20 D8 24 D1 A3 20 5B BB 86 3C
A2 7D 82 D5 8D F2 13 E1 D3 74 4F F8 FC 69 86 DA 7A FB A9 A9
3B A7 56 C0 79 0F 7E 37 60 B5 8E 8A F2 E7 58 4B 61 D6 D2 38
29 F6 1E 7C 6E AF 94 AD 48 EF 9D 02 4A F7 0F 78 CD 73 0B 2B
14 23 59 DE 03 3A 76 6F BD C2 62 DB 51 ED 78 A7 7C 50 11 3D
A0 CD 4E 13 7C 58 D5 D3 25 9A 10 1E 48 BF 3C 1F E8 6E ED 2F
63 95 CB 10 FC

Extension: Subject Alternative Name(2.5.29.17)
Critical: 0


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: CE C3 1F 48 D2 F0 80 A9 65 AA D7 52 D0 E7 2C 8B CD 06 AE 3B


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: https://vcsa.lkpvm.com/afd/vecs/ca


Fingerprints :

SHA-256 Fingerprint: EF 58 E2 FE 9A 9B 2D 69 38 00 D5 D3 29 28 5A 56 84 3F 83 EB
FD F7 45 CE 69 DD 03 F2 4E A1 3A EF
SHA-1 Fingerprint: 85 BA 93 C3 9D 0A EC 14 23 35 BC D8 73 30 AF E6 BC 75 6D CE
MD5 Fingerprint: 09 C0 70 A2 3A 4C B9 DD 93 29 8F 64 72 23 1D 51


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIEqzCCAxOgAwIBAgIJANi3gYZ/2oI/MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAoMDnZjc2EubGtwdm0uY29tMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjUwMTI2MDI1NjQ1WhcNMzAwMTI2MDI1NjQ1WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEPMA0GA1UECgwGVk13YXJlMRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcxFzAVBgNVBAMMDjE3Mi4xNy4xMDAuMjMyMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/hMD6QhAMO4qcT6uWIcFDFzPwN8iewDtTxPxG8ONZvTmQVroq9Eyo3eZpjrCO7ZeVk1+iKIsRcPktQwMhiqG+TzqJMwBEKGYin+06cInCS7TrDH3FI8YR9fzTmPwAPCqYqAFYbpiftC18cS9m8eWFOS6SSz5Spz6AKn0bN86ppd5Lze2gJbAzWMFD+KzUPZZP8l5osAJXY1RUEhfKpo6iCgSNkChMBOqsGgI/CtA2cZqtye0BnhsCu8RtJCpfwLnFgbSOWTxhiwrrEyh7mJ1TG1ifGRjgsh2WsgL6jAKdH/pcg1cPx0NooTzoj+iycJMhB1KpLZh7fWMsCDJt4ezrAgMBAAGjdDByMA8GA1UdEQQIMAaHBKwRZOgwHwYDVR0jBBgwFoAUzsMfSNLwgKllqtdS0Ocsi80GrjswPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL3Zjc2EubGtwdm0uY29tL2FmZC92ZWNzL2NhMA0GCSqGSIb3DQEBCwUAA4IBgQBOA79RPF5Yfvl6p8XBGHQkWJyXOsSdaDTdbthxPlteU7aQ6g4eW49MMYVsh4HFn4udAUH/2HSNtj6lT0JSVuMO8dMkzmO4TPSSdR1BvSPD1XoFU+a87CUnqK5YQuTjq0eLeqCkcFomAWboTgWQyWwvRQqmoqyvXxHzUQEEMW+x1z/5nGufp6uk1DX5vrqqZCxYbltSJemdJ31PvPn4rrCZffddQqrmSZkOXAe4rTcFO4OyBX04XLuuh9TEhRKQome0n4iP5sG4VnfIHoAiz0tyzIXU2TEqq3TIzklF8Qnu1x9FzjaCG1s8RcDLUAsPg16unNTQqGaiib5Smypf79+kIazmASeugd/OMoNCRiDYJNGjIFu7hjyifYLVjfIT4dN0T/j8aYbaevupqTunVsB5D343YLWOivLnWEth1tI4KfYefG6vlK1I750CSvcPeM1zCysUI1neAzp2b73CYttR7XinfFARPaDNThN8WNXTJZoQHki/PB/obu0vY5XLEPw=
-----END CERTIFICATE-----

The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.

The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.

n/a

None

Published: 2013/10/22, Modified: 2021/02/03

Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.

The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.

n/a

None

Published: 2013/10/22, Modified: 2021/02/03

Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.

The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.

n/a

None

Published: 2013/10/22, Modified: 2021/02/03

Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts communications using SSL.

This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.

n/a

None

Published: 2006/06/05, Modified: 2024/09/11

Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts communications using SSL.

This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.

n/a

None

Published: 2006/06/05, Modified: 2024/09/11

Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts communications using SSL.

This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.

n/a

None

Published: 2006/06/05, Modified: 2024/09/11

Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) SHA384


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts communications using SSL.

This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.

n/a

None

Published: 2006/06/05, Modified: 2024/09/11

Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) SHA384


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

n/a

None

Published: 2011/12/07, Modified: 2021/03/09

Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

n/a

None

Published: 2011/12/07, Modified: 2021/03/09

Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

n/a

None

Published: 2011/12/07, Modified: 2021/03/09

Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.

n/a

None

Published: 2011/12/07, Modified: 2021/03/09

Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

A root Certification Authority certificate was found at the top of the certificate chain.

The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.

Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.

None

Published: 2016/11/14, Modified: 2018/11/15

The following root Certification Authority certificate was found :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Valid From : Jan 24 01:02:01 2025 GMT
|-Valid To : Jan 22 01:02:01 2035 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

A root Certification Authority certificate was found at the top of the certificate chain.

The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.

Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.

None

Published: 2016/11/14, Modified: 2018/11/15

The following root Certification Authority certificate was found :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Valid From : Jan 24 01:02:01 2025 GMT
|-Valid To : Jan 22 01:02:01 2035 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

The remote host advertises discouraged SSL/TLS ciphers.

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

Only enable support for recommened cipher suites.

None

Published: 2022/01/20, Modified: 2024/02/12

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote host advertises discouraged SSL/TLS ciphers.

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

Only enable support for recommened cipher suites.

None

Published: 2022/01/20, Modified: 2024/02/12

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote host advertises discouraged SSL/TLS ciphers.

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

Only enable support for recommened cipher suites.

None

Published: 2022/01/20, Modified: 2024/02/12

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

An SSH server is running on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A web server is running on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A TLSv1.2 server answered on this port.

A web server is running on this port through TLSv1.2.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A VMware authentication daemon is running on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A TLSv1.2 server answered on this port.

A web server is running on this port through TLSv1.2.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A TLSv1.3 server answered on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2025/12/08

A TLSv1.3 server answered on this port.

A web server is running on this port through TLSv1.3.

The web UI for Smartbedded Meteobridge was detected on the remote host.

Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.

n/a

None

Published: 2025/12/12, Modified: 2025/12/15

URL : http://172.17.100.232/cgi-bin/meteobridge
Version : unknown
Authenticated : False

The web UI for Smartbedded Meteobridge was detected on the remote host.

Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.

n/a

None

Published: 2025/12/12, Modified: 2025/12/15

URL : https://172.17.100.232/cgi-bin/meteobridge
Version : unknown
Authenticated : False

The web UI for Smartbedded Meteobridge was detected on the remote host.

Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.

n/a

None

Published: 2025/12/12, Modified: 2025/12/15

URL : https://172.17.100.232:2379/cgi-bin/meteobridge
Version : unknown
Authenticated : False

The web UI for Smartbedded Meteobridge was detected on the remote host.

Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.

n/a

None

Published: 2025/12/12, Modified: 2025/12/15

URL : https://172.17.100.232:9080/cgi-bin/meteobridge
Version : unknown
Authenticated : False

It was possible to enumerate installed software on the remote host via SSH.

Nessus was able to list the software installed on the remote host by calling the appropriate command (e.g., 'rpm -qa' on RPM-based Linux distributions, qpkg, dpkg, etc.).

Remove any software that is not in compliance with your organization's acceptable use and security policies.

None

Published: 2006/10/15, Modified: 2025/03/26

Here is the list of packages installed on the remote VMware ESXi / ESX system :

ESXi Version : VMware ESXi 8.0.2 build-23825572
Name Version Vendor Acceptance Level Install Date Platforms

The remote host supports the TLS ALPN extension.

The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.

n/a

None

Published: 2015/07/17, Modified: 2024/09/11

http/1.1
h2

The remote host supports the TLS ALPN extension.

The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.

n/a

None

Published: 2015/07/17, Modified: 2024/09/11

h2

The remote service negotiates TLS supported curve groups.

This plugin detects which TLS supported groups entries are supported by the remote service.

n/a

None

Published: 2025/12/08, Modified: 2025/12/10

These are the TLS supported groups offered by the remote server :


TLS supported groups :

Name Code
--------------------------
secp256r1 0x0017
secp384r1 0x0018
secp521r1 0x0019

The remote service negotiates TLS supported curve groups.

This plugin detects which TLS supported groups entries are supported by the remote service.

n/a

None

Published: 2025/12/08, Modified: 2025/12/10

These are the TLS supported groups offered by the remote server :


TLS supported groups :

Name Code
--------------------------
secp256r1 0x0017
secp384r1 0x0018
secp521r1 0x0019

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.2.

N/A

None

Published: 2020/05/04, Modified: 2020/05/04

TLSv1.2 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.2.

N/A

None

Published: 2020/05/04, Modified: 2020/05/04

TLSv1.2 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.2.

N/A

None

Published: 2020/05/04, Modified: 2020/05/04

TLSv1.2 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.2.

N/A

None

Published: 2020/05/04, Modified: 2020/05/04

TLSv1.2 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.3.

N/A

None

Published: 2020/07/09, Modified: 2023/12/13

TLSv1.3 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using a version of TLS.

The remote service accepts connections encrypted using TLS 1.3.

N/A

None

Published: 2020/07/09, Modified: 2023/12/13

TLSv1.3 is enabled and the server supports at least one cipher.

Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol.

When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at least one authenticated protocol. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with no privilege errors encountered, while connections to the SMB service on the remote target may have failed intermittently.

- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol and what particular check failed. For example, consistently successful checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful checks via SMB are more critical for Windows targets than for Linux targets.

n/a

None

Published: 2018/05/24, Modified: 2025/08/28

Nessus was able to log into the remote host with no privilege or access
problems via the following :

User: 'root'
Port: 22
Proto: SSH
Method: keyboard-interactive

Valid credentials were provided for an available authentication protocol.

Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.

n/a

None

Published: 2020/10/15, Modified: 2024/03/25

Nessus was able to log in to the remote host via the following :

User: 'root'
Port: 22
Proto: SSH
Method: keyboard-interactive

It was possible to obtain traceroute information.

Makes a traceroute to the remote host.

n/a

None

Published: 1999/11/27, Modified: 2023/12/04

For your information, here is the traceroute from 172.17.100.38 to 172.17.100.232 :
172.17.100.38

ttl was greater than 50 - Completing Traceroute.

?

Hop Count: 1

An error was detected along the way.

VMWare Tools or Open VM Tools were detected on the remote Linux host.

VMWare Tools or Open VM Tools were detected on the remote Linux host.

n/a

None

Published: 2023/11/28, Modified: 2025/12/18

Path : /usr/sbin/vmtoolsd
Version : 12.3.5

The authentication daemon for VMware ESX or GSX was detected on the remote host.

The authentication daemon for VMware ESX or GSX was detected on the remote host.

n/a

None

Published: 2005/12/14, Modified: 2025/06/17

Service : vmware_auth
Version : unknown

The web client for VMware vSphere or ESXi was detected on the remote host.

The web client for VMware vSphere or ESXi was detected on the remote host.

Please see https://docs.tenable.com/vulnerability-management/Content/Scans/VMWareScanConfiguration.htm for more information on how to configure the scan.

n/a

None

Published: 2011/12/23, Modified: 2025/12/15

Version : VMware ESXi 8.0.2 build-23825572
API Version : HostAgent
Uses HTTPS : yes

The remote web server does not return 404 error codes.

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

n/a

None

Published: 2000/04/28, Modified: 2022/06/17

CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :

http://172.17.100.232/ruA9fJFAIGvd.html

The remote web server does not return 404 error codes.

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.

n/a

None

Published: 2000/04/28, Modified: 2022/06/17

The following string will be used :
TYPE="password"

The remote VMware ESXi host is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.0 prior to 7.0 Update 3s, 8.0 Update 2 prior to 8.0 Update 2d, or 8.0 Update 3 prior to 8.0 Update 3d. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0004 advisory:

- VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. (CVE-2025-22224)

- VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. (CVE-2025-22225)

- VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. (CVE-2025-22226)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3s, 8.0 Update 2d, or 8.0 Update 3d or later.

High

9.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.1

0.5147

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

I

Published: 2025/05/27, Modified: 2025/06/02

ESXi version : VMware ESXi 8.0.2 build-23825572
Installed build : 23825572
Fixed build : 8.0U2d 24585300

VMware ESXi is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.x prior to 7.0 Update 3w, 8.x prior to 8.0 Update 2e, or 8.0 Update 3 prior to 8.0 Update 3f. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0013 advisory:

- VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. (CVE-2025-41236)

- VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. (CVE-2025-41237)

- VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. (CVE-2025-41238)

- VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. (CVE-2025-41239)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3w, 8.0 Update 2e, or 8.0 Update 3f or later.

High

9.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.1

0.0002

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

I

Published: 2025/07/16, Modified: 2025/07/25

ESXi version : 8.0.2
Installed build : 23825572
Fixed build : 8.0U2e 24789317

The SSH server running on the remote host is affected by a vulnerability.

The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory.

- This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. Systems that lack ASLR or users of downstream Linux distributions that have modified OpenSSH to disable per-connection ASLR re-randomisation (yes - this is a thing, no - we don't understand why) may potentially have an easier path to exploitation. OpenBSD is not vulnerable. We thank the Qualys Security Advisory Team for discovering, reporting and demonstrating exploitability of this problem, and for providing detailed feedback on additional mitigation measures. 2) Logic error in ssh(1) ObscureKeystrokeTiming In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an OpenSSH server version 9.5 or later, a logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective - a passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because both fake and real keystroke packets were being sent unconditionally. This bug was Daniel Hugenroth and Alastair Beresford of the University of Cambridge Computer Lab. Worse, the unconditional sending of both fake and real keystroke packets broke another long- standing timing attack mitigation. Since OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for traffic received on TTYs in echo-off mode, such as when entering a password into su(8) or sudo(8). This bug rendered these fake keystroke echoes ineffective and could allow a passive observer of a SSH session to once again detect when echo was off and obtain fairly limited timing information about keystrokes in this situation (20ms granularity by default). This additional implication of the bug was identified by Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford and we thank them for their detailed analysis.
This bug does not affect connections when ObscureKeystrokeTiming was disabled or sessions where no TTY was requested. (openssh-9.8-1)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 9.8 or later.

High

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.3 (CVSS:3.0/E:P/RL:O/RC:C)

9.0

0.5079

7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/07/01, Modified: 2025/03/11

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 9.8p1 / 9.8

The SSH server running on the remote host is affected by multiple vulnerabilities.

The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory.

- ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bumer, Marcus Brinkmann and Jrg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
There is no other discernable impact to session secrecy or session integrity. OpenSSH 9.6 addresses this protocol weakness through a new strict KEX protocol extension that will be automatically enabled when both the client and server support it. This extension makes two changes to the SSH transport protocol to improve the integrity of the initial key exchange. Firstly, it requires endpoints to terminate the connection if any unnecessary or unexpected message is received during key exchange (including messages that were previously legal but not strictly required like SSH2_MSG_DEBUG). This removes most malleability from the early protocol. Secondly, it resets the Message Authentication Code counter at the conclusion of each key exchange, preventing previously inserted messages from being able to make persistent changes to the sequence number across completion of a key exchange. Either of these changes should be sufficient to thwart the Terrapin Attack. More details of these changes are in the PROTOCOL file in the OpenSSH source distribition. (CVE-2023-48795)

- ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. (CVE-2023-51384)

- ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or match exec predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. This situation could arise in the case of git submodules, where a repository could contain a submodule with shell characters in its user/hostname. Git does not ban shell metacharacters in user or host names when checking out repositories from untrusted sources. Although we believe it is the user's responsibility to ensure validity of arguments passed to ssh(1), especially across a security boundary such as the git example above, OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. This countermeasure is not guaranteed to be effective in all situations, as it is infeasible for ssh(1) to universally filter shell metacharacters potentially relevant to user-supplied commands. User/hostnames provided via ssh_config(5) are not subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. (CVE-2023-51385)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 9.6 or later.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

5.9 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.5777

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

5.0 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2023/12/22, Modified: 2025/02/28

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 9.6p1 / 9.6

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=172.17.100.234/E=vmca@vmware.com
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering
|-Issuer : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=vcsa.lkpvm.com/OU=VMware Engineering

The VMware ESXi is affected by multiple vulnerabilities.

The version of VMware ESXi installed on the remote host is 7.0.x prior to 7.0 Update 3v or 8.0.x prior to 8.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0010 advisory.

- ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. (CVE-2025-41226)

- Workstation, Fusion and ESXi contain a denial-of-service vulnerability due to certain guest options. (CVE-2025-41227)

- VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. (CVE-2025-41228)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to ESXi 7.0 Update 3v, 8.0 Update 3e or later.

Medium

6.8 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

6.7

0.0003

5.5 (CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:C)

I

Published: 2025/05/26, Modified: 2025/08/12

ESXi version : 8.0
Installed build : 23825572
Fixed build : 8.0U3 24659227

The remote VMware ESXi host is affected by a out-of-bounds read vulnerability.

The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory:

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to VMware ESXi 7.0 Update 3q, 8.0 Update 3 or later.

Medium

6.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

5.9 (CVSS:3.0/E:U/RL:O/RC:C)

4.2

0.0005

5.6 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C)

4.1 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2024/06/28, Modified: 2025/03/06

ESXi version : VMware ESXi 8.0.2 build-23825572
Installed build : 23825572
Fixed build : 8.0U3 24022510

The SSH server running on the remote host is affected by a vulnerability.

The version of OpenSSH installed on the remote host is prior to 10.0. It is, therefore, affected by a vulnerability. In sshd in OpenSSH the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 10.0 or later.

Low

3.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)

2.4

0.0001

2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

I

Published: 2025/04/17, Modified: 2025/10/29

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 10.0

The SSH server running on the remote host is affected by multiple vulnerabilities.

The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities:

- ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984)

- ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to OpenSSH version 10.1/10.1p1 or later.

Low

3.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

4.0

0.0001

2.4 (CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:N)

II

Published: 2025/10/10, Modified: 2025/11/18

Version source : SSH-2.0-OpenSSH_9.0
Installed version : 9.0
Fixed version : 10.1 / 10.1.p1

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2025/09/29

The remote operating system matched the following CPE's :

cpe:/o:vmware:esxi:8.0 -> VMware ESXi
cpe:/o:vmware:esxi:8.0.2 -> VMware ESXi

Following application CPE's matched on the remote system :

cpe:/a:openbsd:openssh:9.0 -> OpenBSD OpenSSH
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:vmware:open_vm_tools:12.3.5 -> VMware Open VM Tools
cpe:/a:vmware:vmware_server

This plugin gathers the logs written by other plugins and reports them.

Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.

n/a

None

Published: 2015/06/17, Modified: 2025/07/14

Plugin debug log(s) have been attached.

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2025/03/12

Remote device type : hypervisor
Confidence level : 99

Enumerates the PATH variable of the current scan user.

Enumerates the PATH variables of the current scan user.

Ensure that directories listed here are in line with corporate policy.

None

Published: 2022/12/21, Modified: 2025/12/18

Nessus has enumerated the path of the current scan user :

/bin
/sbin

The remote web server is not enforcing HSTS.

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Configure the remote web server to use HSTS.

None

Published: 2015/07/02, Modified: 2024/08/09

HTTP/1.1 200 OK

Server:
X-Frame-Options: SAMEORIGIN
Content-Type: text/xml
Content-Length: 0
Connection: close


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

An HTTP/2 server is listening on the remote host.

The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c).

Limit incoming traffic to this port if desired.

None

Published: 2015/09/04, Modified: 2022/04/11

The server supports direct HTTP/2 connections
without encryption.

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 301 Moved Permanently

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: Yes
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

location: https://172.17.100.234:443/
date: Fri, 23 Jan 2026 17:32:09 GMT
content-length: 0

Response Body :

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: Yes
HTTP/2 Cleartext Support: Yes
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

date: Fri, 23 Jan 2026 17:32:07 GMT
content-security-policy: upgrade-insecure-requests
content-type: text/html
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1
content-length: 258
x-envoy-upstream-service-time: 0

Response Body :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf8">
<meta http-equiv="refresh" content="0;URL='/ui'"/>
</head>
</html>

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server:
X-Frame-Options: SAMEORIGIN
Content-Type: text/xml
Content-Length: 0
Connection: close

Response Body :

Nessus was able to enumerate local users and groups on the remote Linux host.

Using the supplied credentials, Nessus was able to enumerate the local users and groups on the remote Linux host.

None

None

Published: 2016/12/19, Modified: 2025/03/26

User : root
Home folder : /
Start script : /bin/sh
Groups : root

User : dcui
Home folder : /
Start script : /bin/sh
Groups : users

User : vpxuser
Home folder : /
Start script : /bin/sh
Groups : users