SuperMicro Device Uses Default SSL Certificate

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote device is using the default SSL certificate for this
service, whose private key is public knowledge.

Description :

The X.509 certificate of the remote host has not been changed from the
default certificate that is hardwired into the firmware. The private
key corresponding to this certificate is shared across all devices
running the same firmware, meaning that the remote host's X.509
certificate cannot be trusted.

See also :

http://www.nessus.org/u?99a8b71e

Solution :

Configure the device to use a device-specific certificate.
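
One way to confirm that every device now presents its own certificate, as an added example that is not part of the Nessus plugin: hash each collected certificate's DER encoding and flag any host whose fingerprint matches a known default or is presented by more than one host. The host addresses, certificate bytes and function names are constructed for illustration.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so PEM line wrapping does not change the result."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def audit(certs_by_host: dict, known_default_fps=frozenset()) -> dict:
    """Map each offending host to the reason its certificate is not device-specific."""
    hosts_by_fp = defaultdict(list)
    for host, pem in certs_by_host.items():
        hosts_by_fp[fingerprint(pem)].append(host)

    findings = {}
    for fp, hosts in hosts_by_fp.items():
        if fp in known_default_fps:
            reason = "matches a known firmware default certificate"
        elif len(hosts) > 1:
            reason = "same certificate served by " + ", ".join(sorted(hosts))
        else:
            continue  # unique and not a known default
        for host in hosts:
            findings[host] = reason
    return findings


# Constructed sample input: placeholder bytes stand in for real DER certificates.
# In practice each PEM would come from ssl.get_server_certificate((host, 443)).
SHARED = ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-default-cert")
UNIQUE = ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-device-cert")
SAMPLE = {
    "192.0.2.10": SHARED,
    "192.0.2.11": SHARED,
    "192.0.2.12": UNIQUE,
}

if __name__ == "__main__":
    for host, reason in sorted(audit(SAMPLE).items()):
        print(f"{host}: {reason}")
```

A certificate shared by several hosts is reported even when no default fingerprint is supplied, which covers firmware versions whose default certificate has not been catalogued.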

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: General

Nessus Plugin ID: 71534

Bugtraq ID:

CVE ID: