AnsweredAssumed Answered

Schannel CVE-2014-6321 Vulnerability

Question asked by Curt Brazz on Nov 13, 2014
Latest reply on Feb 12, 2015 by mmurray



I noticed that Qualys's discovery method for this QID (90996) is "Authenticated Only".  My understanding of this vulnerability is that a remote unauthenticated attacker can exploit this, so does this mean that Qualys just hasn't released a non-authenticated signature yet for detecting this threat?  Is it safe to assume that because our organization isn't vulnerable EXTERNALLY to CVE-2014-6321 based on QID 90996 that we're not vulnerable?  Trying to get clarification, since some systems are internally vulnerable.