If you are involved with PCI compliance scanning, you are probably familiar with the "SSL Server Has SSLv2 Enabled" vulnerability. It's one of those annoying items that always seem to show up on scan reports. Fortunately, there is a simple way to test for this vulnerability and an easy way to fix it.
Using nmap and its script-scanning capability, you can scan for and detect this vulnerability. An example command is listed below.
nmap -p443 --script=sslv2.nse 10.10.10.10 -vvv
If the server supports SSLv2, nmap will report:
Interesting ports on 10.10.10.10:
PORT STATE SERVICE
443/tcp open https
| sslv2: server still supports SSLv2
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC4_64_WITH_MD5
| SSL2_DES_64_CBC_WITH_MD5
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
How to fix a vulnerable IIS server:
Open regedit and navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
Change the "Enabled" value to dword 00000000:
"Enabled"=dword:00000000
Reboot the server and run nmap again to verify the vulnerability has been closed.
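The same registry change as a PowerShell script, added here as an example and not part of the original post. It reports the current state first and also handles a server where the key or the "Enabled" value does not exist yet; the -Apply switch name is an assumption of this example, and the script is meant to be saved to a file and run from an elevated prompt.

```powershell
# Added example (not from the original post): audit, and optionally disable,
# server-side SSL 2.0 in SCHANNEL. Run from an elevated PowerShell prompt.
param(
    [switch]$Apply  # assumed switch name; without it the script only reports
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'
$name = 'Enabled'

function Get-Ssl2ServerState {
    # Returns 'KeyMissing', 'ValueMissing', or the current DWORD of "Enabled".
    if (-not (Test-Path -LiteralPath $key)) { return 'KeyMissing' }
    $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'ValueMissing' }
    return $prop.$name
}

$before = Get-Ssl2ServerState
Write-Output "SSL 2.0\Server '$name' before: $before"

if ($before -isnot [string] -and $before -eq 0) {
    Write-Output 'Already set to 0; nothing to change.'
    return
}
if (-not $Apply) {
    Write-Output 'Not set to 0. Re-run with -Apply to write "Enabled"=dword:00000000.'
    return
}

# Create the key only when it is absent, so existing values under it are kept.
if ('KeyMissing' -eq $before) {
    New-Item -Path $key -Force | Out-Null
}
# -Force overwrites an existing "Enabled" value of any type with DWORD 0.
New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

$after = Get-Ssl2ServerState
Write-Output "SSL 2.0\Server '$name' after: $after"
if ($after -isnot [string] -and $after -eq 0) {
    Write-Output 'Written. Reboot the server, then re-run the nmap scan to verify.'
} else {
    Write-Error 'Value was not written as expected; check permissions.'
}
```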