Improved
- Check logic. We updated the check logic for .NET Framework vulnerabilities to reduce false positives.
- Secure ciphers check. We updated the
<code>ssl-only-weak-ciphers</code>
check to no longer consider SHA1-based cipher suites as strong.
Security Updates
- We fixed CVE-2023-0681, an open redirect vulnerability affecting the Security Console. This could have allowed attackers to redirect a user to a site of their choice. This issue affects all Security Console versions up to and including 6.6.178. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. Special thanks to Beau Taub for reporting this issue to Rapid7.