Host is Vulnerable to Extended Master Secret TLS Extension , reminiscent of CVE-2009-3555

Host is Vulnerable to Extended Master Secret TLS Extension (TLS triple handshake) Impact On successful exploitation it becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. Vendor Reference None CVE ID None Threat The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Note: this attacks are reminiscent of the renegotiation attacks of 2009 [Ray, Rex] (CVE-2009-3555). QID Detection Logic(Un-Authenticated): This QID checks for web response coming from vulnerable host. Note:Please refer Detection POC for more details of the detection logic Issue

Details Result: Host:x.x.x.x:443 is vulnerable to TLS triple handshake CVSS Details: Base: 2.6 Temporal: 2.1