Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   results of security scan, posted by David Stops on Mon Nov 1 12:52:23 2021 
    icon2.gif   Re: results of security scan, posted by Stefan Ritt on Tue Nov 2 12:07:46 2021 
       icon2.gif   Re: results of security scan, posted by David Stops on Thu Nov 4 13:48:00 2021 
Message ID: 69408     Entry time: Tue Nov 2 12:07:46 2021     In reply to: 69407     Reply to this: 69409
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Question  OS: Linux  ELOG Version: elog-3.1.4-2 
Subject: Re: results of security scan 

The elgod.c progarm itself is rather weak in SSL, since I just don't have time to catch up with the latest SSL enhancements. The safest you can do is to put an industry-strenth web server like Apache in front of elogd and let that server handle the SSL layer.

Stefan

David Stops wrote:

Recently central IT scanned our elog server and reported the following "vulnerabilities"

  • 42873 (1) - SSL Medium Strength Cipher Suites Supported (SWEET32)
  • 51192 (1) - SSL Certificate Cannot Be Trusted
  • 65821 (1) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
  • 85582 (1) - Web Application Potentially Vulnerable to Clickjacking

Is there any easy way of preventing these

Thanks and Best Wishes

David

 

ELOG V3.1.5-3fb85fa6