SSL Certificate Signed using Weak Hashing Algorithm

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

An SSL certificate in the certificate chain has been signed using a
weak hash algorithm.

Description :

The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm - MD2, MD4, or MD5.
These signature algorithms are known to be vulnerable to collision
attacks. In theory, a determined attacker may be able to leverage
this weakness to generate another certificate with the same digital
signature, which could allow the attacker to masquerade as the
affected service.

Note that certificates in the chain that are contained in the Nessus
CA database have been ignored.

See also :

http://tools.ietf.org/html/rfc3279
http://www.phreedom.org/research/rogue-ca/
http://technet.microsoft.com/en-us/security/advisory/961509

Solution :

Contact the Certificate Authority to have the certificate reissued.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 35291 ()

Bugtraq ID: 11849
33065

CVE ID: CVE-2004-2761