← Back to Feed CACHED · 2026-05-17 09:42:19 · cache_key CVE-2025-29912
tenable:84470 · Disclosed 2015-06-30

TLS Version 1

ASSESSED — NOISGATE V0.5
Vendor
Reassessed
Verdict:
01 · The Real Story

This is a side door with an old lock, not a blown-open front gate

Tenable plugin 84470 fires when a remote service will still negotiate TLS 1.0. This is a protocol-level finding, not a software-specific CVE: any web server, mail service, load balancer, appliance, or internal application endpoint that accepts TLS 1.0 can match. The affected range is therefore any deployment where the listener's minimum protocol is TLS 1.0 or lower, regardless of product version.

Tenable's HIGH / 8.2 score is too aggressive for most enterprises because the practical attack path usually requires a man-in-the-middle, downgrade opportunity, or legacy client actually using TLS 1.0. That is materially different from unauthenticated RCE. The risk is still meaningful for internet-facing, sensitive, or PCI-scoped systems because TLS 1.0 is deprecated by IETF, disallowed by PCI as a security control except narrow exceptions, and increasingly disabled by platform vendors.

"TLS 1.0 support is real security debt, but calling it HIGH ignores the MITM requirement and lack of direct host compromise."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Enumerate a listener that still offers TLS 1.0

The attacker or assessor uses a protocol probe such as openssl s_client -tls1, nmap --script ssl-enum-ciphers, or testssl.sh to confirm the target will negotiate TLS 1.0. Tenable's plugin does essentially this at scale. This step proves protocol support, not exploitable impact by itself.
Conditions required:
  • Network reachability to the target service
  • A service that still permits TLS 1.0 negotiation
Where this breaks in practice:
  • Many enterprises already disable TLS 1.0 at edge load balancers even if backend systems are older
  • Internal-only listeners shrink attacker reach to post-compromise actors
  • Modern SaaS and browser-facing services often refuse TLS 1.0 by default
Detection/coverage: Strong scanner coverage. Nessus, nmap ssl-enum-ciphers, testssl.sh, and many ASM platforms detect this reliably.
STEP 02

Force or inherit a TLS 1.0 session

To turn protocol support into risk, the attacker needs a client that will actually negotiate TLS 1.0 or can be downgraded to it. Weaponized MITM tooling such as bettercap, sslsplit, or custom downgrade proxies can interfere with negotiation when client, network, and application behavior allow it. In modern stacks this is where most real attacks die.
Conditions required:
  • Attacker can sit on-path or otherwise influence the client-server connection
  • Client stack still supports TLS 1.0 or downgrade behavior
  • No strict application control forcing TLS 1.2+
Where this breaks in practice:
  • Requires attacker position beyond mere internet reachability
  • Modern clients prefer TLS 1.2/1.3 and many reject TLS 1.0 entirely
  • TLS_FALLBACK_SCSV, hardened libraries, and managed browsers reduce downgrade success
  • VPN, segmentation, and proxy architectures often deny practical MITM placement
Detection/coverage: Weak to moderate coverage. Network IDS may spot protocol downgrade anomalies, but many environments do not baseline TLS version negotiation per session.
STEP 03

Exploit legacy TLS cryptographic weaknesses

If a TLS 1.0 session is established, the attacker can attempt confidentiality or integrity-impacting attacks that depend on the exact cipher suites, application behavior, and placement on the wire. The IETF deprecation rationale calls out missing modern cipher support and CBC-era design issues. This is still not host takeover; it is session security degradation.
Conditions required:
  • Successful TLS 1.0 negotiation
  • Compatible weak cipher suites or exploitable application traffic patterns
  • Sustained on-path visibility or manipulation
Where this breaks in practice:
  • Impact depends heavily on negotiated ciphers and client behavior
  • Not every TLS 1.0 session is trivially decryptable in practice
  • No direct code execution or privilege gain follows from protocol support alone
Detection/coverage: Limited direct detection. You can observe TLS version and cipher use in SSL inspection, Zeek, or load-balancer telemetry, but not every cryptographic abuse attempt is obvious.
STEP 04

Harvest data from the affected session

The realistic payload is exposure of credentials, session cookies, payment data, or other in-transit secrets for the specific application flow. Blast radius is bounded to traffic crossing that legacy listener and to clients that can still be coerced into the old protocol. It does not automatically become lateral movement or domain compromise.
Conditions required:
  • Sensitive traffic traverses the affected connection
  • Client and server actually complete a vulnerable session
Where this breaks in practice:
  • Scope is per application flow rather than whole-host compromise
  • Mutual TLS, application-layer encryption, or tokenization can reduce value of captured traffic
  • Many internal services carry low-sensitivity traffic even when misconfigured
Detection/coverage: Mostly indirect. DLP, app logs, or anomalous session behavior may help, but there is rarely a clean signature for 'data stolen because TLS 1.0 existed'.
03 · Intelligence Metadata

The supporting signals.

In-the-wild statusNo CISA KEV entry and no single CVE-backed campaign to track. This is a protocol deprecation / misconfiguration finding, not a discrete exploit-with-CVE event.
Proof-of-concept availabilityAssessment tooling is public and mature: openssl, nmap ssl-enum-ciphers, and testssl.sh all verify support. MITM tooling such as bettercap and sslsplit exists, but there is no turnkey one-packet host-compromise exploit because the attack depends on downgrade and traffic conditions.
EPSSN/A — there is no canonical CVE for Tenable plugin 84470, so FIRST EPSS does not apply.
KEV statusNot applicable — this finding is not a KEV-tracked CVE.
Vendor scoreTenable rates the plugin High, CVSS 8.2 with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, which overstates reality because it assumes network reach equals exploitability.
CVSS reality checkThe real friction is attacker position: the interesting abuse path usually needs on-path influence or a legacy client. That is strong downward pressure versus true unauthenticated internet-remote exploitation.
Affected rangeAny service configuration that still negotiates TLS 1.0 — web servers, APIs, reverse proxies, mail services, appliances, or vendor software behind them. This is config- and stack-dependent, not tied to one product family.
Fixed stateThe secure state is minimum TLS 1.2 or higher. NIST SP 800-52 Rev. 2 requires support for TLS 1.2 and later guidance trends toward TLS 1.3; Microsoft notes TLS 1.0/1.1 are being disabled by default in preview Windows 11 / Server 2024-era builds.
Exposure dataCensys reported that for HTTPS on the public internet, less than 1% of observed services still negotiated TLS 1.0 or 1.1 as highest version, yet that still represented over 3 million services. Translation: externally exposed legacy TLS is now the minority, but not rare enough to ignore.
Disclosure timelineTenable published plugin 84470 on 2015-06-30. PCI pushed migration away from SSL / TLS 1.0 to 2018-06-30 for most entities, and IETF formally deprecated TLS 1.0/1.1 in RFC 8996 in 2021-03.
04 · The Call

noisgate verdict.

Final Verdict
DOWNGRADED to MEDIUM (5.3/10)

The decisive factor is that supporting TLS 1.0 is not the same as being remotely compromiseable; the meaningful abuse path usually requires a man-in-the-middle position or a legacy client that still negotiates the old protocol. That sharply narrows the exposed population and keeps this below HIGH for most 10,000-host enterprises.

HIGH Vendor HIGH is overstated for general enterprise risk
MEDIUM Exact impact on any one asset depends on exposure, client mix, and negotiated ciphers

Why this verdict

  • Downward adjustment: requires more than raw network reach — the dangerous path usually needs on-path control, downgrade influence, or a legacy client actually using TLS 1.0.
  • Downward adjustment: blast radius is session-level — this is about weakening transport confidentiality/integrity for a given service flow, not instant code execution or whole-host takeover.
  • Upward adjustment: broad deployment pattern — the finding can exist on load balancers, appliances, web servers, and forgotten internal services, so prevalence inside large enterprises is still meaningful.
  • Upward adjustment: compliance and trust impact — PCI explicitly rejects SSL / early TLS as a security control except narrow cases, so payment and partner-facing services carry outsized business risk even when exploitability is moderate.
  • Downward adjustment: modern client ecosystem — browser vendors, Microsoft, and standards bodies have spent years killing TLS 1.0/1.1, which reduces successful real-world exploitation paths.

Why not higher?

This is not unauthenticated RCE, auth bypass, or wormable exploitation. The core friction is attacker position: if the adversary cannot get on path or cannot coerce a legacy handshake, mere TLS 1.0 support often remains dormant technical debt rather than an active compromise path.

Why not lower?

It still weakens a security boundary at the protocol layer, and the internet still contains millions of exposed legacy TLS services. For internet-facing auth, payment, or sensitive data flows, the confidentiality impact is real enough that writing it off as backlog hygiene would be irresponsible.

05 · Compensating Control

What to do — in priority order.

  1. Enforce TLS 1.2+ at the edge — Set the minimum protocol to TLS 1.2 or higher on load balancers, reverse proxies, CDN edges, mail gateways, and VPN portals first, because that collapses exposure for many backends at once. For a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window, but prioritize PCI-scoped and internet-facing services immediately because audit and customer impact outrun the security score.
  2. Inventory legacy clients before change — Pull connection telemetry from web proxies, load balancers, Schannel/OpenSSL logs, or Zeek to identify who still negotiates TLS 1.0 before you disable it. This avoids the classic enterprise trap where the only systems broken are old scanners, Java runtimes, embedded devices, or payment terminals that nobody remembered.
  3. Segment unavoidable exceptions — If a business-critical legacy device truly cannot move yet, isolate it behind dedicated VIPs, ACLs, or private network paths and keep it out of shared internet-facing listener pools. For MEDIUM, there is no mitigation SLA, but exception containment should still happen well before the 365-day remediation deadline because it reduces exposure while replacement work is scheduled.
  4. Prefer protocol enforcement over host patch chasing — Where possible, fix this once in the TLS termination layer instead of touching every backend host individually. That is the fastest path for large estates and it avoids partial cleanup where the app server is hardened but an old management port or alternate listener still accepts TLS 1.0.
What doesn't work
  • Installing unrelated OS patches without changing TLS policy does not solve the finding; the service can still negotiate TLS 1.0 afterward.
  • Relying on users to 'normally use TLS 1.2 anyway' is not a control; if the server still permits TLS 1.0, the downgrade path and legacy-client path still exist.
  • A WAF is not the answer here; this is a transport negotiation issue and the wrong TLS version can be accepted before the WAF meaningfully helps.
06 · Verification

Crowdsourced verification payload.

Run this from an auditor workstation or Linux jump host that can reach the target service over the network. Invoke it as bash check_tls10.sh example.com 443; it needs only normal user privileges and outputs VULNERABLE, PATCHED, or UNKNOWN based on whether a TLS 1.0 handshake succeeds.

noisgate-verify.sh
BASHREAD-ONLYSAFE
#!/usr/bin/env bash
# check_tls10.sh
# Purpose: verify whether a remote service still negotiates TLS 1.0
# Usage: bash check_tls10.sh <host> <port>
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN/usage

set -u

HOST="${1:-}"
PORT="${2:-}"
TIMEOUT_BIN="$(command -v timeout || true)"
OPENSSL_BIN="$(command -v openssl || true)"

if [[ -z "$HOST" || -z "$PORT" ]]; then
  echo "UNKNOWN - usage: bash check_tls10.sh <host> <port>"
  exit 2
fi

if [[ -z "$OPENSSL_BIN" ]]; then
  echo "UNKNOWN - openssl not found"
  exit 2
fi

run_cmd() {
  if [[ -n "$TIMEOUT_BIN" ]]; then
    "$TIMEOUT_BIN" 12 "$@"
  else
    "$@"
  fi
}

# Force TLS 1.0 negotiation. If handshake succeeds and a certificate/connection is established,
# the service is still vulnerable from a protocol-support perspective.
OUTPUT="$(echo | run_cmd "$OPENSSL_BIN" s_client -connect "${HOST}:${PORT}" -servername "$HOST" -tls1 2>&1)"
RC=$?

if echo "$OUTPUT" | grep -qiE 'CONNECTED\(|Protocol *: *TLSv1|Cipher *: '; then
  if ! echo "$OUTPUT" | grep -qiE 'alert protocol version|unsupported protocol|wrong version number|no protocols available|handshake failure'; then
    echo "VULNERABLE - ${HOST}:${PORT} accepted or negotiated TLS 1.0"
    exit 1
  fi
fi

if echo "$OUTPUT" | grep -qiE 'alert protocol version|unsupported protocol|no protocols available|handshake failure'; then
  echo "PATCHED - ${HOST}:${PORT} rejected TLS 1.0"
  exit 0
fi

if [[ $RC -ne 0 ]]; then
  echo "UNKNOWN - handshake test failed (network issue, non-TLS service, or ambiguous response)"
  exit 2
fi

echo "UNKNOWN - ambiguous response, inspect manually"
exit 2
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, treat this as transport-security debt with compliance teeth, not as a fire-drill RCE. For the general case, this MEDIUM verdict means no noisgate mitigation SLA — go straight to the 365-day remediation window under the noisgate remediation SLA; use that year to eliminate TLS 1.0 from edge listeners first, then from internal stragglers. If any findings sit on PCI-scoped, payment, authentication, or internet-facing customer endpoints, do not wait for the full year: disable TLS 1.0 there in the next change window and document exceptions aggressively because audit and business friction will bite before exploit telemetry does.

Sources

  1. Tenable Nessus Plugin 84470
  2. PCI SSC FAQ: Does PCI DSS define which versions of TLS must be used?
  3. PCI SSC blog: PCI Changes Date for Migrating from SSL and Early TLS
  4. RFC 8996: Deprecating TLS 1.0 and TLS 1.1
  5. NIST SP 800-52 Rev. 2
  6. Microsoft Learn: TLS 1.0 and TLS 1.1 deprecation in Windows
  7. Censys 2023 State of the Internet Report
Peer Review

What defenders are saying.

Submit a review attribution: handle + country only
0 flags selected · stored anonymously
Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.