I am running an Ubuntu 20.04 LEMP (Linux, Nginx, MariaDB, PHP) email/web server. I am also doing some nmap vulnerability tests from my macOS client machine. On macOS, I am using Oh My Zsh! with the nmap plugin enabled. To do some vulnerability tests on my Ubuntu server from my macOS client machine, I issued the command:
nmap_check_for_vulns my.server.ip.address
which is an alias command for
nmap --script=vuln
After issuing the command with my server's IP address, nmap reported the following vulnerabilities:
465/tcp open smtps
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 2048
| Generator Length: 8
| Public Key Length: 2048
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
On the server, the output of sudo ss -lnpt is:
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("smtpd",pid=586529,fd=6),("master",pid=2078,fd=29))
The link provided by nmap, https://www.ietf.org/rfc/rfc2246.txt, doesn't provide a reference to this SPECIFIC vulnerability that I can find.
My question is, what does this vulnerability mean, what process is using it, and how can I mitigate this vulnerability on my Ubuntu 20.04 server, without disabling port 456? Do I need to fix the Diffie-Hellman issue in the Postfix/Dovecot SMTP servers, and if so, how do I go about doing so?
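For triaging scan output like the report quoted in the question, the following added example (not part of the original post) parses the ssl-dh-params section of nmap's text output and lists each reported DH group with its port, so the finding can be tied to the listening service. The function name, the regular expressions and the trailing 587/tcp line in the sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the report quoted in the post, plus one extra port line.
SAMPLE = """\
465/tcp open smtps
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 2048
| Generator Length: 8
| Public Key Length: 2048
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
587/tcp open submission
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|_? ?([a-z0-9][a-z0-9-]*):(\s|$)")  # script names are lowercase
GROUP_RE = re.compile(r"^([A-Z-]+) DH GROUP \d+$")
FIELD_RE = re.compile(r"^([A-Za-z ]+): (.+)$")

def parse_dh_findings(text):
    """Return one dict per DH group that ssl-dh-params reported, tagged with its port."""
    findings, port, service, in_script, cur = [], None, None, False, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, service, in_script, cur = int(m[1]), m[2], False, None
        elif m := SCRIPT_RE.match(line):
            in_script, cur = m[1] == "ssl-dh-params", None
        elif in_script and line.startswith("|"):
            body = line.lstrip("|_").strip()
            if m := GROUP_RE.match(body):
                cur = {"port": port, "service": service, "kind": m[1]}
                findings.append(cur)
            elif cur is not None and (m := FIELD_RE.match(body)):
                cur[m[1]] = m[2]
    for f in findings:
        # An anon suite has no certificate authenticating the peer, whatever the modulus size.
        f["anonymous"] = "_anon_" in f.get("Cipher Suite", "")
        f["modulus_bits"] = int(f.get("Modulus Length", 0))
    return findings

if __name__ == "__main__":
    for f in parse_dh_findings(SAMPLE):
        print(f["port"], f["service"], f["kind"], f["Cipher Suite"], f["modulus_bits"])
```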