Universal Plug and Play (UPnP)

Test Name

Synopsis

Eth-Sec-TLS-001

Verify the Device/Server Is Protected Against Heartbleed (CVE-2014-0160)

Eth-Sec-TLS-002

Verify the Device Is Protected Against CCS Injection (CVE-2014-0224)

Eth-Sec-TLS-003

Verify the BIG-IP Load Balancer Is Protected Against Ticketbleed (CVE-2016-9244)

Eth-Sec-TLS-004

Verify the TLS Server not vulnerable to ROBOT Vulnerability (Bleichenbacher Oracle Risk)

Eth-Sec-TLS-005

Verify the Server Fails to Validate STARTTLS Command Integrity

Eth-Sec-TLS-006

Verify the TLS/SSL Server Not Permit Insecure Renegotiation

Eth-Sec-TLS-007

Verify the TLS Server Not Leak Information About Encrypted Payloads (via Length Variations)

Eth-Sec-TLS-008

Verify the device not vulnerable to BREACH

Eth-Sec-TLS-009

Detection of POODLE Vulnerability (Insecure Handling of Padding in SSLv3 CBC Cipher Suites)

Eth-Sec-TLS-010

Verify the Server’s TLS Implementation Correctly Implements TLS_FALLBACK_SCSV (RFC 7507) to Block Malicious Protocol Downgrade Attempts

Eth-Sec-TLS-011

Detection of SWEET32 Vulnerability (Use of 64-bit Block Ciphers Prone to Birthday Attacks on Encrypted Sessions)

Eth-Sec-TLS-012

Detection of BEAST Vulnerability (Insecure Handling of Initialization Vectors in CBC-Mode Ciphers for TLS 1.0 and Earlier)

Eth-Sec-TLS-013

Detection of Lucky13 Vulnerability (Insecure Padding Validation in CBC-Mode Ciphers)

Eth-Sec-TLS-014

Detection of WinShock Vulnerability (Buffer Overflow in SChannel’s Handling of TLS/SSL Protocol Negotiation)

Eth-Sec-TLS-015

Detection of FREAK Vulnerability (Susceptibility to Downgrade Attacks Using Weak Export-Grade RSA Cipher Suites)

Eth-Sec-TLS-016

Detection of Logjam Vulnerability (Susceptibility to Man-in-the-Middle Attacks Exploiting Weak DH Key Exchange Parameters)

Eth-Sec-TLS-017

Detection of DROWN Vulnerability (Susceptibility to Cross-Protocol Attacks Using SSLv2 to Compromise Modern TLS Encryption)

Eth-Sec-TLS-018

Verify the TLS/SSL Implementation Supports RC4 Ciphers