TLS Certificate Verification Bypass in Nessus 6.x before 6.11

CVE-2017-11506 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

When linking a Nessus scanner or agent to Tenable.io or another manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
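The missing check, shown as a weak TLS client configuration beside a corrected one. This is an added example using Python's standard `ssl` module as a stand-in, not Tenable's code; the function names are hypothetical.

```python
import ssl


def unverified_context():
    """Client context with the flaw class described above: the peer's
    certificate is accepted without chain or hostname validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(ca_file=None):
    """Client context that validates the chain and matches the hostname.
    ca_file (assumption): optional PEM bundle for a privately issued
    manager certificate; the system trust store is used when omitted."""
    return ssl.create_default_context(cafile=ca_file)


def verification_gaps(ctx):
    """Return the certificate checks a client context would skip."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not validated")
    if not ctx.check_hostname:
        gaps.append("hostname is not matched against the certificate")
    return gaps


def require_verified(ctx):
    """Refuse to use a context for an outgoing link if any check is off."""
    gaps = verification_gaps(ctx)
    if gaps:
        raise ValueError("refusing to connect: " + "; ".join(gaps))
    return ctx


if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_context()),
                      ("verified", verified_context())):
        print(name, verification_gaps(ctx) or "no gaps")
```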