Weak SSL ciphers in Webmin
I have been using Webmin on my Linux mdk 10.0 (kernel 2.6.3-7) box for configuration. I ran an audit on all my servers using the Nessus daemon and got this result for Webmin:
Warning: snet-sensor-mgmt (<port # removed>/tcp). The SSLv2 server offers 6 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Informational: snet-sensor-mgmt (<port # removed>/tcp) . Here is the list of available SSLv2 ciphers:
<followed by a list of 9 ciphers>
I do not use Webmin for remote administration. The Webmin port, in fact, is firewalled. I only use it through loopback on my PC for convenience.
Is this vulnerability serious? How do I disable cipher keys? Where are they so that I may delete them?
Do let me know.