Executive Summary

This report presents the findings of a comprehensive security scan conducted on the web infrastructure of MS Ramaiah Institute of Technology (MSRIT) across multiple domains, including www.msrit.edu, research.msrit.edu, parents.msrit.edu, exam.msrit.edu, centuriton.msrit.edu, and www.centuriton.msrit.edu. The scan identified vulnerabilities and configuration issues categorized by severity (info, low, medium) across HTTP, SSL/TLS, JavaScript, TCP, and DNS protocols. Key findings include outdated software, missing security headers, deprecated TLS versions, weak cryptographic configurations, and exposed sensitive files. Recommendations are provided to mitigate these risks and enhance the security posture of the infrastructure.

Scope

The scan targeted the following domains and services:

- Domains: www.msrit.edu, research.msrit.edu, parents.msrit.edu, exam.msrit.edu, centuriton.msrit.edu, www.centuriton.msrit.edu
- Protocols/Services: HTTP, SSL/TLS, JavaScript, TCP (SSH, MySQL, IMAP, POP3, SMTP), DNS
- Scan Date: June 26, 2025

Findings Summary

The scan identified 103 issues, categorized as follows:

- Info: 92 issues (informational, no immediate risk but may indicate suboptimal configurations)
- Low: 8 issues (minor vulnerabilities with limited impact)
- Medium: 2 issues (moderate vulnerabilities requiring attention)
- High: 1 issue

Key Findings by Category

1. HTTP-Related Issues

Missing Security Headers (Info):
All scanned domains (www.msrit.edu, research.msrit.edu, parents.msrit.edu, centuriton.msrit.edu, www.centuriton.msrit.edu) lack critical HTTP security headers, including:

- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Clear-Site-Data
- X-Permitted-Cross-Domain-Policies

Impact: Increases risk of attacks such as clickjacking, cross-site scripting (XSS), and MIME-type sniffing.

Outdated Software (Info):

- WordPress version 5.4.16 detected on research.msrit.edu (latest version: 6.6.x).
- Insert Headers and Footers plugin version 1.4.6 detected on research.msrit.edu (latest version: 2.2.8).
- Joomla version 1.5.15 detected on parents.msrit.edu (end-of-life, highly vulnerable).

Impact: Outdated software is susceptible to known vulnerabilities.

Exposed Sensitive Files (High, Medium, Info):

- High: ZIP backup file (public_html.zip) exposed on parents.msrit.edu.
- Medium: Git configuration file (.git/config) exposed on www.msrit.edu.
- Info: WordPress-related files (readme.html, license.txt, xmlrpc.php, wp-login.php) and directory listings (wp-content/uploads/, wp-includes/) exposed on research.msrit.edu.
- Info: Joomla htaccess.txt file exposed on parents.msrit.edu.
- Info: .DS_Store file exposed on www.msrit.edu.
- Info: SSH known_hosts file exposed on parents.msrit.edu.

Impact: Exposed files may leak sensitive information or facilitate attacks.

Content Management System (CMS) Issues (Info, Low):

- WordPress detected on www.msrit.edu and research.msrit.edu with version 5.4.16.
- Joomla detected on parents.msrit.edu with version 1.5.15.
- Low: WordPress user enumeration possible on research.msrit.edu (usernames: kna8fmsgyd, Kna8FmSgYd).
- XML-RPC and pingback enabled on research.msrit.edu.

Impact: CMS misconfigurations may allow unauthorized access or brute-force attacks.

Missing Subresource Integrity (SRI) (Info):
External scripts and stylesheets on www.msrit.edu and research.msrit.edu lack SRI, increasing the risk of tampered third-party resources.

Mixed Content (Info):
HTTP image (pp.jpg) loaded over HTTPS on research.msrit.edu, potentially causing insecure content warnings.

Web Application Firewall (WAF) (Info):

- CloudFront detected on www.msrit.edu.
- Apachegeneric WAF detected on exam.msrit.edu, research.msrit.edu, and parents.msrit.edu.

Other (Info):

- Technologies detected: Handlebars, YouTube, Owl Carousel, Font Awesome, Bootstrap (www.msrit.edu), UIkit (parents.msrit.edu), Catch Box theme (research.msrit.edu).
- AWS services (S3, CloudFront) detected on www.msrit.edu.
- Wix DNS detected on centuriton.msrit.edu and www.centuriton.msrit.edu.

2. SSL/TLS Issues

Deprecated TLS Versions (Info):

- on research.msrit.edu and parents.msrit.edu.
- TLS 1.2 and 1.3 supported on www.msrit.edu, centuriton.msrit.edu, www.centuriton.msrit.edu, research.msrit.edu, and parents.msrit.edu.

Impact: Deprecated TLS versions (1.0, 1.1) are vulnerable to attacks like POODLE and BEAST.

Weak Cipher Suites (Low):
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA detected on research.msrit.edu and parents.msrit.edu for TLS 1.0 and 1.1.

Impact: Weak ciphers increase the risk of data interception.

Expired and Revoked SSL Certificate (Low):
Certificate for research.msrit.edu expired on September 5, 2023, and is revoked.

Impact: Causes browser warnings and potential man-in-the-middle risks.

Wildcard Certificates (Info):

- Wildcard certificates (*.msrit.edu, msrit.edu) used on www.msrit.edu, research.msrit.edu, and parents.msrit.edu, issued by GoDaddy.com, Inc.
- Certificates for centuriton.msrit.edu and www.centuriton.msrit.edu issued by Google Trust Services.

3. JavaScript-Related Issues

Cookies Without Security Attributes (Info):

- Cookies without HttpOnly attribute on exam.msrit.edu and parents.msrit.edu.
- Cookies without Secure attribute on parents.msrit.edu.

Impact: Increases risk of cookie theft via XSS or non-secure transmission.

4. TCP Services

SSH-Related Issues (Info, Low, Medium):

- Info: SSH server (OpenSSH 5.3) detected on research.msrit.edu:22 with supported authentication methods (publickey, gssapi-keyex, gssapi-with-mic, password).
- Low: Weak MAC algorithms, CBC mode ciphers, and Diffie-Hellman Logjam vulnerability detected.
- Medium: Weak key exchange algorithms and SHA1 HMAC algorithms detected.

Impact: Outdated SSH configurations may allow unauthorized access or weaken encryption.

MySQL Information (Info):
MySQL 5.7.36 detected on research.msrit.edu:3306 with native password authentication.

Impact: Exposed database services may be targeted if not properly secured.

Detected Services (Info):
IMAP (port 143), POP3 (port 110), SMTP/Exim 4.93 (port 587), and MySQL (port 3306) detected on research.msrit.edu.

Impact: Exposed services increase the attack surface if not properly configured.

5. DNS Issues

CAA Fingerprint (Info):
Certificate Authority Authorization (CAA) records detected for all domains.

SaaS and Cloud Services (Info):

- Wix DNS (www247.wixdns.net) detected for centuriton.msrit.edu and www.centuriton.msrit.edu.
- Amazon CloudFront (d3gnd1wywl35mn.cloudfront.net) and AWS nameservers detected for www.msrit.edu.

Impact: Third-party dependencies may introduce external risks if not monitored.

Recommendations

High Priority (Medium Severity)

1. Remove Exposed Sensitive Files: Delete or restrict access to public_html.zip (parents.msrit.edu), .git/config (www.msrit.edu), .DS_Store (www.msrit.edu), known_hosts (parents.msrit.edu), and WordPress/Joomla configuration files.
2. Update SSH Configurations: Upgrade OpenSSH to the latest version. Disable weak algorithms (SHA1, CBC ciphers, weak key exchange). Restrict SSH authentication to publickey only, disabling password-based authentication.

Medium Priority (Low Severity)

1. Update TLS Configurations: Disable TLS 1.0 and 1.1 across all domains. Use strong cipher suites (e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384). Renew the expired/revoked SSL certificate for research.msrit.edu.
2. Secure Cookies: Set HttpOnly and Secure attributes for cookies on exam.msrit.edu and parents.msrit.edu.
3. Prevent WordPress User Enumeration: Disable or restrict the WordPress REST API (/wp/v2/users/) on research.msrit.edu.

Low Priority (Info)

1. Implement HTTP Security Headers: Add missing security headers (CSP, HSTS, X-Frame-Options, etc.) to all domains.
2. Update CMS Software: Upgrade WordPress to the latest version (6.6.x) on research.msrit.edu. Upgrade Insert Headers and Footers plugin to version 2.2.8. Migrate parents.msrit.edu from Joomla 1.5.15 to a supported CMS (e.g., latest WordPress or Joomla).
3. Add Subresource Integrity (SRI): Implement SRI for all external scripts and stylesheets on www.msrit.edu and research.msrit.edu.
4. Fix Mixed Content: Update image URLs on research.msrit.edu to use HTTPS.
5. Secure Exposed Services: Restrict access to MySQL, IMAP, POP3, and SMTP services with firewalls or IP allowlists.
6. Disable WordPress XML-RPC: Disable xmlrpc.php on research.msrit.edu or implement strong authentication.
7. Monitor Third-Party Services: Regularly audit AWS, CloudFront, and Wix dependencies for security updates.

Conclusion

The security scan revealed multiple vulnerabilities and configuration issues across MSRIT’s web infrastructure, with the most critical being exposed sensitive files, outdated software, and weak cryptographic configurations. Immediate action is recommended to address medium-severity issues, followed by medium- and low-priority fixes to align with modern security best practices. Implementing these recommendations will significantly reduce the risk of exploitation and enhance the overall security of the MSRIT domains.