← Back to Feed CACHED · 2026-05-17 09:42:19 · cache_key CVE-2025-29912
tenable:104743 · CWE-327 · Disclosed 2017-11-22

TLS Version 1

ASSESSED — NOISGATE V0.5
Vendor
Reassessed
Verdict:
01 · The Real Story

This is an old side door left open after the building switched to badge readers

Tenable plugin 104743 fires when a remote service still negotiates TLS 1.0. This is not a product-specific bug and not a CVE; it applies to any server, appliance, proxy, or embedded service that still accepts TLSv1 handshakes. Tenable scores it Medium / 6.5 and maps it to CWE-327 because TLS 1.0 is deprecated, lacks modern cipher support, and keeps old downgrade and CBC-era baggage alive.

In real enterprise conditions, the vendor severity is too high for generic patch triage. The decisive friction is attacker position: this is usually a man-in-the-middle or legacy-client downgrade problem, not a straight unauthenticated remote compromise. Modern browsers and many platform stacks already killed TLS 1.0 years ago, so the reachable population is narrower than the CVSS suggests. It still matters for compliance, partner integrations, and sensitive data in transit, but it is usually crypto hygiene, not emergency response.

"TLS 1.0 support is legacy crypto debt, not an instant box-pop. Downgrade it unless the service is PCI-facing or truly internet critical."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Enumerate TLS 1.0 support

An attacker or auditor first proves the endpoint accepts TLSv1 using commodity tools such as openssl s_client -tls1, nmap --script ssl-enum-ciphers, or sslyze. This step only confirms protocol support; it does not prove direct exploitability or host compromise.
Conditions required:
  • Network reachability to the target service
  • The service actually exposes TLS
  • TLS 1.0 is still enabled server-side
Where this breaks in practice:
  • Many modern internet-facing services already reject TLS 1.0
  • Load balancers may terminate TLS differently than the backend host
  • Internal-only services are invisible to outsiders without prior access
Detection/coverage: Excellent scanner coverage. Nessus, Nmap ssl-enum-ciphers, sslyze, and SSL Labs-style checks catch this reliably.
STEP 02

Get into the traffic path

To weaponize the weakness, the attacker usually needs an on-path position with tooling like bettercap, mitmproxy, or a malicious proxy/Wi-Fi gateway. That implies the attacker is already on the same network, controls an upstream device, or has compromised a trusted intermediary.
Conditions required:
  • Attacker can intercept or relay client traffic
  • Client and server traffic crosses infrastructure the attacker can influence
Where this breaks in practice:
  • This is post-initial-access or infrastructure-compromise territory
  • Network segmentation, WPA2-Enterprise, VPNs, managed proxies, and NAC all reduce reachability
  • Certificate warnings, pinning, and EDR visibility raise the chance of detection
Detection/coverage: Moderate. Network telemetry may show ARP spoofing, rogue proxy behavior, or anomalous certificate chains, but many vuln scanners will not see exploitation activity.
STEP 03

Force or observe a legacy handshake

The attacker then needs the client to actually negotiate TLS 1.0, either because the client is old, the application stack is pinned to old protocols, or fallback/downgrade behavior can be induced. RFC 8996 explicitly calls out that supporting multiple protocol versions increases misconfiguration risk, but modern stacks also deploy fallback protections that make forced downgrade less reliable.
Conditions required:
  • A legacy client, embedded device, or non-browser application still speaks TLS 1.0
  • Fallback protections do not fully block downgrade attempts
Where this breaks in practice:
  • Modern browsers broadly disabled TLS 1.0 starting in March 2020
  • Many libraries and OS defaults now prefer or require TLS 1.2+
  • The vulnerable path may exist only for a tiny set of legacy integrations
Detection/coverage: Good for configuration discovery, weak for runtime downgrade detection unless you log negotiated protocol versions on the TLS terminator.
STEP 04

Exploit weaker protocol properties for traffic exposure

Impact is usually limited to eavesdropping or tampering with some sessions, especially where CBC-era weaknesses, SHA-1-era assumptions, or broken downgrade handling remain relevant. This is not a normal path to shell access; the realistic consequence is weakened confidentiality and integrity of transit data for the subset of clients that still fall back to TLS 1.0.
Conditions required:
  • Useful data crosses the downgraded connection
  • The negotiated cipher/protocol combination is weak enough to matter
  • The attacker maintains on-path access long enough to exploit or inspect traffic
Where this breaks in practice:
  • Modern mitigations blunt several classic TLS 1.0 attacks
  • No guaranteed plaintext recovery or host takeover comes from TLS 1.0 support alone
  • Blast radius is usually session-level, not fleet-wide system compromise
Detection/coverage: Poor to moderate. You need TLS version telemetry, proxy logs, or packet captures to prove downgraded sessions in production.
03 · Intelligence Metadata

The supporting signals.

Finding typeConfiguration weakness, not a CVE. Tenable plugin 104743 detects services that still negotiate TLS 1.0.
In-the-wild statusNo KEV-style signal. This finding is not a CVE, so there is no CISA KEV entry for the plugin itself. Real risk comes from enabling older protocol negotiation, not from a one-shot exploit chain.
Proof-of-concept availabilityCommodity test tooling is everywhere: openssl s_client -tls1, nmap --script ssl-enum-ciphers, and sslyze can verify exposure. There is no single RCE PoC because TLS 1.0 support alone does not directly yield code execution.
EPSSN/A. FIRST EPSS scores published CVEs; this is a protocol-configuration finding rather than a CVE.
KEV statusN/A / not listed. CISA KEV is a catalog of exploited CVEs. This issue has no CVE identifier to track there.
Vendor CVSS6.5 Medium with CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N. The AC:H is the tell: even Tenable's own vector admits meaningful exploit friction.
Standards positionFormally deprecated. RFC 8996 moved TLS 1.0 and 1.1 to *Historic* in March 2021 and recommends a minimum of TLS 1.2.
Affected scopeAny endpoint that still accepts TLSv1. This cuts across web servers, mail gateways, appliances, load balancers, Java apps, embedded gear, and legacy middleware.
Fixed stateNo patched version. The fix is a configuration state: disable TLS 1.0 and require TLS 1.2+ on the TLS terminator or application stack. Distro backports may still report older package versions while safely defaulting to newer protocol policy.
Internet exposureShrinking but not gone. Censys' 2023 report says the share of HTTPS services whose highest negotiated version was TLS 1.0 fell from 3.89% in 2022 to 2.70% in 2023, a 31% decrease.
04 · The Call

noisgate verdict.

Final Verdict
DOWNGRADED to LOW (3.2/10)

The single biggest downward driver is attacker position: this is usually exploitable only when the adversary is already on-path or coercing a legacy client, which makes it a poor candidate for emergency patching. TLS 1.0 support absolutely increases risk and compliance pain, but it usually weakens session security rather than handing over the server.

HIGH This is not a direct unauthenticated remote host-compromise path
MEDIUM Business impact varies sharply by whether the service is internet-facing, PCI-scoped, or tied to legacy clients

Why this verdict

  • Requires attacker-in-the-middle. The practical exploit chain usually starts with shared-network, rogue proxy, or upstream control rather than a clean internet-origin attack.
  • Modern clients already suppress the bad path. Major browsers and many OS/runtime defaults stopped accepting TLS 1.0 years ago, which narrows the real exposed population.
  • Blast radius is session-level, not host takeover. The likely impact is weaker confidentiality/integrity for a subset of traffic, not immediate RCE or domain compromise.

Why not higher?

There is no strong evidence that TLS 1.0 enabled by itself is a reliable one-packet compromise path. Exploitation typically depends on extra prerequisites: on-path access, legacy client behavior, and sometimes weak cipher negotiation. That stack of prerequisites compounds downward pressure on severity.

Why not lower?

Leaving TLS 1.0 enabled is still not harmless. RFC 8996 formally deprecated it in March 2021, NIST says enabling TLS 1.0 or 1.1 when unnecessary can leave systems and users vulnerable to attacks, and payment environments have had years of pressure to remove it. If the service carries sensitive data or faces partners/customers, this remains security debt worth closing.

05 · Compensating Control

What to do — in priority order.

  1. Inventory legacy clients — Identify which applications, devices, or partner integrations still negotiate TLSv1, then tie each one to a business owner. For a LOW verdict there is no mitigation SLA; do this as backlog hygiene in the next normal review cycle so you can remove unjustified exceptions cleanly.
  2. Restrict exposure — If TLS 1.0 must remain temporarily, keep it off internet-facing listeners where possible and confine it to internal or partner-specific entry points behind IP allowlists, VPN, or dedicated reverse proxies. For a LOW verdict there is no mitigation SLA; use the next planned change window rather than emergency maintenance.
  3. Log negotiated protocol versions — Turn on TLS version logging at load balancers, proxies, and gateways so you can prove whether TLSv1 is actually used or just accidentally left enabled. For a LOW verdict there is no mitigation SLA; use this to drive cleanup before the remediation window turns into permanent exception debt.
  4. Disable weak cipher overlap — Where TLS 1.0 cannot yet be removed, at least prune obviously weak cipher options and review fallback settings to reduce downgrade abuse paths. This is a temporary risk reducer only; for a LOW verdict there is no mitigation SLA, so schedule it with regular crypto hardening work.
What doesn't work
  • WAF does not solve a protocol-version problem; it sits above the TLS negotiation you are trying to eliminate.
  • Renewing the certificate does not remove TLS 1.0 support; a fresh cert can still be presented over a deprecated protocol.
  • Patching OpenSSL or Schannel alone is not enough if the service policy still allows TLSv1; this is usually a configuration and compatibility cleanup task.
06 · Verification

Crowdsourced verification payload.

Run this from an auditor workstation or any Linux/macOS admin host with OpenSSL that can reach the target service. Invoke it as ./check_tls10.sh example.com 443 or ./check_tls10.sh 10.10.20.15 8443 app.example.com; it needs no elevated privileges unless your environment restricts outbound connections.

noisgate-verify.sh
BASHREAD-ONLYSAFE
#!/usr/bin/env bash
# check_tls10.sh
# Test whether a remote service still negotiates TLS 1.0.
# Exit codes:
#   0 = PATCHED (TLS 1.0 refused)
#   1 = VULNERABLE (TLS 1.0 negotiated)
#   2 = UNKNOWN (tooling/network/error)

set -u

if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
  echo "Usage: $0 <host> <port> [sni]"
  echo "Example: $0 example.com 443"
  echo "Example: $0 10.0.0.5 8443 app.example.com"
  exit 2
fi

HOST="$1"
PORT="$2"
SNI="${3:-$HOST}"

if ! command -v openssl >/dev/null 2>&1; then
  echo "UNKNOWN: openssl not found in PATH"
  exit 2
fi

OUT=$(printf '' | openssl s_client -connect "${HOST}:${PORT}" -servername "$SNI" -tls1 2>&1)
RC=$?

# Successful TLS 1.0 negotiation indicators vary a bit by OpenSSL version.
if printf '%s\n' "$OUT" | grep -qiE 'Protocol *: *TLSv1|New, *TLSv1/SSLv3'; then
  echo "VULNERABLE: ${HOST}:${PORT} negotiated TLS 1.0"
  exit 1
fi

# Common refusal signals when TLS 1.0 is disabled.
if printf '%s\n' "$OUT" | grep -qiE 'unsupported protocol|wrong version number|tlsv1 alert protocol version|handshake failure|no protocols available|alert protocol version'; then
  echo "PATCHED: ${HOST}:${PORT} refused TLS 1.0"
  exit 0
fi

# If openssl exited cleanly but we still could not parse the result, keep it conservative.
if [ "$RC" -eq 0 ]; then
  echo "UNKNOWN: connection succeeded but protocol result was not clear"
  exit 2
fi

echo "UNKNOWN: unable to determine TLS 1.0 support for ${HOST}:${PORT}"
printf '%s\n' "$OUT" | tail -n 20
exit 2
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, treat this as crypto backlog with exceptions, not as a fleetwide fire drill. Start by separating internet-facing, PCI-scoped, and partner-exposed listeners from everything else, because those are the only places where this finding regularly turns into real risk or audit pain. For a LOW verdict there is no noisgate mitigation SLA and no noisgate remediation SLA; treat it as backlog hygiene, document justified legacy dependencies now, and fold TLS 1.0 removal into your next planned protocol-hardening cycle rather than burning an emergency patch window.

Sources

  1. Tenable Nessus Plugin 104743
  2. RFC 8996 - Deprecating TLS 1.0 and TLS 1.1
  3. NIST SP 800-52 Rev. 2 PDF
  4. Microsoft Learn - TLS 1.0 and 1.1 deprecation in Windows
  5. Mozilla Security Blog - Removing Old Versions of TLS
  6. Censys 2023 State of the Internet Report PDF
  7. CISA Known Exploited Vulnerabilities Catalog
  8. PCI SSC - PCI Changes Date for Migrating from SSL and Early TLS
Peer Review

What defenders are saying.

Submit a review attribution: handle + country only
0 flags selected · stored anonymously
Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.