asked on SSL VA
Issue :SSL Certificate Signed Using Weak Hashing Algorithm
An SSL certificate in the certificate chain has been signed using a
weak hash algorithm. The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.
Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.
Contact the Certificate Authority to have the certificate reissued.
http://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?e120eea1
http://technet.microsoft.com/en-us/security/advisory/961509
Plugin output:The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.
|-Subject : CN=XXX
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Sep 30 12:06:43 2016 GMT
|-Valid To : Sep 28 12:06:43 2026 GMT
An SSL certificate in the certificate chain has been signed using a
weak hash algorithm. The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.
Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.
Contact the Certificate Authority to have the certificate reissued.
http://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?e120eea1
http://technet.microsoft.com/en-us/security/advisory/961509
Plugin output:The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.
|-Subject : CN=XXX
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Sep 30 12:06:43 2016 GMT
|-Valid To : Sep 28 12:06:43 2026 GMT
EncryptionDatabasesSSL / HTTPSAlgorithms
Last Comment
Molly s
And the question is?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thnk u