Hi, recently our client performed a VAPT
FTP Server - Medium Severity [FTP was not built to be secure. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption.]
TLS 1.1 enabled - Low Severity [It is recommended to disable TLS 1.1 and replace it with TLS 1.2 or higher]
TLS Version One Enabled - Low Severity [TLS Version 1.0 is enabled on the web server at the following port: 4343, 8081, & 8082]
SSL/TLS Mismatch - Medium Severity [A certificate mismatch was found on port: 4343, 8081, & 8082]
Version Disclosure (Generic) - Low Severity [The FTP software and version was included during banner grabbing.]
Host Header Poisoning - Low Severity [The web server accepted arbitrary host headers at https://xxx.xxx.xxx.1.]

Already found the FTP Server and TLS via documents, I believed the SSL/TLS Mismatch is Certificate Loading on the WLC
Appreciate if you have insight on this. Can't share the document due to confidentiality.