Well-known SSL Certificate Used in Remote Device

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote service is using a well-known SSL certificate whose private
key has been published.

Description :

The X.509 certificate of the remote host is known to ship by default
with the remote service / device. The private key for this
certificate has been published, so SSL communications with the
remote host cannot be considered secret: anyone able to snoop the
traffic between the remote host and its clients could decrypt it.

See also :

http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/

Solution :

Purchase or generate a proper certificate for this service and
replace it, or ask your vendor for a way to do so.
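
An added example, not part of the Nessus plugin: one way to audit a certificate inventory for the condition described above. It flags certificates whose SHA-256 fingerprint is on a list of published default certificates, and certificates served by more than one host. The helper names, host names, certificate bytes and fingerprint list are constructed placeholders.

```python
import hashlib
import ssl
from collections import defaultdict

def fingerprint(pem):
    """SHA-256 hex digest of the DER bytes inside a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def fetch_pem(host, port=443):
    """Certificate a live service presents, as PEM (chain is not validated)."""
    return ssl.get_server_certificate((host, port))

def audit(inventory, known_default):
    """inventory: host -> PEM; known_default: set of SHA-256 hex fingerprints.
    Returns host -> list of reasons for every flagged host."""
    by_fp = defaultdict(list)
    for host, pem in inventory.items():
        by_fp[fingerprint(pem)].append(host)
    findings = {}
    for fp, hosts in by_fp.items():
        for host in hosts:
            reasons = []
            if fp in known_default:
                reasons.append("known-default-certificate")
            others = sorted(h for h in hosts if h != host)
            if others:  # same certificate (hence same private key) elsewhere
                reasons.append("certificate-shared-with:" + ",".join(others))
            if reasons:
                findings[host] = reasons
    return findings

# Constructed sample data: placeholder bytes wrapped as PEM, not real certificates.
def _placeholder_pem(label):
    return ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-" + label)

SAMPLE_INVENTORY = {
    "router-a.example": _placeholder_pem(b"vendor-default"),
    "router-b.example": _placeholder_pem(b"vendor-default"),
    "portal.example": _placeholder_pem(b"site-issued"),
    "camera.example": _placeholder_pem(b"other-default"),
}
KNOWN_DEFAULT = {fingerprint(_placeholder_pem(b"vendor-default")),
                 fingerprint(_placeholder_pem(b"other-default"))}

if __name__ == "__main__":
    for host, reasons in sorted(audit(SAMPLE_INVENTORY, KNOWN_DEFAULT).items()):
        print(host, reasons)
```

To audit live services, build the inventory with `fetch_pem` for each host instead of the sample dictionary.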

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: General

Nessus Plugin ID: 51356

Bugtraq ID:

CVE ID: