Hi All,
I am running the 'solve-sweet32.ps1 script from https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1
I first ran it with the '-Solve:"SWEET32"' argument to clean it up. However a subsequent scan stated that the vulnerability was still present. I then ran it without any arguments so it will clean up all vulnerabilities found. Still, a scan showed the server as still being vulnerable. See below for output from this second run of the command. Any assistance is appreciated!
PS C:\Users\36207PA\Desktop> Set-ExecutionPolicy Unrestricted PS C:\Users\36207PA\Desktop> .\solve-sweet32.ps1 Solving vulnerability --> SWEET32 WARNING: They key already exits (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Trip le DES 168/168) The registry entry with property enabled = 0, already exists Solving vulnerability --> TLS1.0 Create new Key (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNE L\Protocols\TLS 1.0) Creating new property Enabled = 0 for TLS 1.0 in (HKLM:\SYSTEM\CurrentControlSet \Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client) Creating new property Enabled = 0 for TLS 1.0 in (HKLM:\SYSTEM\CurrentControlSet \Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server) Create new Key (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNE L\Protocols\TLS 1.1) Creating new property Enabled = 0 for TLS 1.1 in (HKLM:\SYSTEM\CurrentControlSet \Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client) Creating new property Enabled = 0 for TLS 1.1 in (HKLM:\SYSTEM\CurrentControlSet \Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server) Creating 'Enabled' and 'DisabledByDefault' for TLS 1.2 in (HKLM:\SYSTEM\CurrentC ontrolSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client) New-ItemProperty : Cannot convert value "4294967295" to type "System.Int32". Er ror:"Value was either too large or too small for an Int32." At C:\Users\36207PA\Desktop\Solve-Sweet32.ps1:233 char:41 + New-ItemProperty <<<< -PropertyType DWORD -Path "$cs path" -Name "Enabled" -Value 4294967295 -Force| Out-Null + CategoryInfo : WriteError: (HKEY_LOCAL_MACH...\TLS 1.2\Client:S tring) [New-ItemProperty], PSInvalidCastException + FullyQualifiedErrorId : System.Management.Automation.PSInvalidCastExcept ion,Microsoft.PowerShell.Commands.NewItemPropertyCommand Creating 'Enabled' and 'DisabledByDefault' for TLS 1.2 in (HKLM:\SYSTEM\CurrentC ontrolSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server) New-ItemProperty : Cannot convert value "4294967295" to type "System.Int32". Er ror: "Value was either too large or too small for an Int32." At C:\Users\36207PA\Desktop\Solve-Sweet32.ps1:233 char:41 + New-ItemProperty <<<< -PropertyType DWORD -Path "$cs path" -Name "Enabled" -Value 4294967295 -Force| Out-Null + CategoryInfo : WriteError: (HKEY_LOCAL_MACH...\TLS 1.2\Server:S tring) [New-ItemProperty], PSInvalidCastException + FullyQualifiedErrorId : System.Management.Automation.PSInvalidCastExcept ion,Microsoft.PowerShell.Commands.NewItemPropertyCommand Cleaning up variables