From 521284253f4583d6d140eb0ac4358c4159cc1129 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Tue, 10 Jun 2014 10:23:46 -0500
Subject: [PATCH] Be more clear about the vuln and impact
---
 modules/auxiliary/scanner/ssl/openssl_ccs.rb | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/modules/auxiliary/scanner/ssl/openssl_ccs.rb b/modules/auxiliary/scanner/ssl/openssl_ccs.rb
index 434d3d9ffa..bfb7275344 100644
--- a/modules/auxiliary/scanner/ssl/openssl_ccs.rb
+++ b/modules/auxiliary/scanner/ssl/openssl_ccs.rb
@@ -77,11 +77,14 @@ class Metasploit3 < Msf::Auxiliary
 def initialize
 super(
- 'Name' => 'OpenSSL CCS Injection Scanner',
+ 'Name' => 'OpenSSL Server-Side ChangeCipherSpec Injection Scanner',
 'Description' => %q{
- This module allows to check for the OpenSSL CCS Injection attack. The problem
- exists in the handling of early ChangeCipherSpec messages, with OpenSSL
- accepting them.
+ This module checks for the OpenSSL ChageCipherSpec (CCS)
+ Injection vulnerability. The problem exists in the handling of early
+ CCS messages during session negotation. Vulnerable installations of OpenSSL accepts
+ them, while later implementations do not. If successful, an attacker can leverage this
+ vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec
+ between a client and server. This issue was first reported in early June, 2014.
 },
 'Author' => [
 'Masashi Kikuchi', # Vulnerability discovery
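Review bot: The new 'Description' text carries three slips that will appear verbatim in the module's info output: `ChageCipherSpec` should be `ChangeCipherSpec`, `negotation` should be `negotiation`, and `installations of OpenSSL accepts` should read `accept`. The impact sentence also overstates what a hit means: the title now says "Server-Side", but the description does not tell the reader that interception requires a vulnerable OpenSSL client as well as the vulnerable server, so a positive result can be read as proof of exploitability. A closing sentence such as `A positive result only shows that the server accepts an early CCS; a MITM additionally requires a vulnerable OpenSSL client.` would set that expectation. "Downgrading the cipher spec" may also be imprecise, since the weakness is usually described as forcing weak keying material rather than a weaker cipher suite. The body of initialize continues past the end of the hunk.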
@@ -128,12 +131,12 @@ class Metasploit3 < Msf::Auxiliary
 sock.put(ccs)
 alert = sock.get_once(-1, response_timeout)
 if alert.blank?
- print_good("#{peer} - No Alert after invalid CSS message, probably vulnerable")
+ print_good("#{peer} - No alert after invalid CSS message, probably vulnerable")
 report
 elsif alert.unpack("C").first == ALERT_RECORD_TYPE
- vprint_error("#{peer} - Alert record as response to the invalid CCS Message")
+ vprint_error("#{peer} - Alert record as response to the invalid CCS Message, probably not vulnerable")
 elsif alert
- vprint_warning("#{peer} - Unexpected response...")
+ vprint_warning("#{peer} - Unexpected response.")
 end
 end
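Review bot: The `alert.blank?` branch treats any empty read as "probably vulnerable" and then calls `report`, but an empty result from `sock.get_once(-1, response_timeout)` presumably looks the same when the read times out or the peer drops the connection without sending an alert. A slow, filtered or non-OpenSSL host could therefore be recorded as vulnerable. A comment above the branch such as `# empty read: no alert within response_timeout; a timeout or silent close is indistinguishable here` would make that limit visible to whoever triages the results. The edited message also still says `CSS` where `CCS` is meant: `print_good("#{peer} - No alert after invalid CCS message, probably vulnerable")`. The enclosing method begins before the hunk, so the handshake that precedes `sock.put(ccs)` is not visible here.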