SuperMicro Device Uses Default SSL Certificate

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote device is using the default SSL certificate for this
service, whose private key is public knowledge.

Description :

The X.509 certificate of the remote host has not been changed from the
default certificate that is hardwired into the firmware. The private
key corresponding to this certificate is shared across all devices
running the same firmware, meaning that the remote host's X.509
certificate cannot be trusted.

See also :

http://www.nessus.org/u?99a8b71e

Solution :

Configure the device to use a device-specific certificate.
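
To confirm across an inventory that no device still serves the firmware default, certificates can be compared by fingerprint. The following is an added example, not part of the Nessus plugin; the host names and certificate bytes are constructed, and the known-default fingerprint set is an assumed input obtained from the vendor or the firmware image.

```python
import hashlib
import ssl
from collections import defaultdict

def fingerprint(pem):
    """SHA-256 of the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def fetch_pem(host, port=443):
    """Fetch the served certificate without validating it (ca_certs unset)."""
    return ssl.get_server_certificate((host, port))

def audit(certs, known_defaults=frozenset()):
    """certs maps host -> PEM. Returns host -> 'known-default' or 'shared'.

    'known-default': fingerprint is in known_defaults (an assumed input;
    this page does not list one).
    'shared': the identical certificate is served by more than one host,
    so it cannot be device-specific.
    Compares whole certificates only; a reissued certificate that reuses
    the same key pair is not detected here.
    """
    hosts_by_fp = defaultdict(list)
    for host, pem in certs.items():
        hosts_by_fp[fingerprint(pem)].append(host)
    findings = {}
    for fp, hosts in hosts_by_fp.items():
        if fp in known_defaults:
            verdict = "known-default"
        elif len(hosts) > 1:
            verdict = "shared"
        else:
            continue
        for host in hosts:
            findings[host] = verdict
    return findings

# Constructed stand-ins for certificates (not real X.509 data), so this runs offline.
FIRMWARE_DEFAULT = ssl.DER_cert_to_PEM_cert(b"constructed firmware default certificate")
DEVICE_SPECIFIC = ssl.DER_cert_to_PEM_cert(b"constructed per-device certificate")
SAMPLE = {
    "device-01.example": FIRMWARE_DEFAULT,
    "device-02.example": FIRMWARE_DEFAULT,
    "device-03.example": DEVICE_SPECIFIC,
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(host, verdict)
```

For a live inventory, build the input with `{h: fetch_pem(h) for h in hosts}` and rerun the audit after each device has been reconfigured.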

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.4
(CVSS2#E:U/RL:U/RC:UC)
Public Exploit Available : false

Family: General

Nessus Plugin ID: 71534

Bugtraq ID:

CVE ID:
