This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
An SSL certificate in the certificate chain has been signed using a
weak hash algorithm.
The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
Note that certificates in the chain that are contained in the Nessus
CA database have been ignored.
See also :
Contact the Certificate Authority to have the certificate reissued.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.5
Public Exploit Available : true
Nessus Plugin ID: 35291 ()
Bugtraq ID: 1184933065
CVE ID: CVE-2004-2761
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.