Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V9 - Communications

Weak TLS configuration - weak ciphers

POC

  • Use testssl script to scan the given URLs with the following syntax ./testssl.sh {URL}
  • Observe weak ciphers in use and the vulnerabilities it causes.
  • To double check, you can test online,too with Qualys lab https://www.ssllabs.com/ssltest/

Impact

Low

Likelihood

Low