Windows Phone7 < 7.10.8107 Out-of-Date SSL Certificate Blacklist

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The Windows Phone 7 device has an out-of-date SSL certificate blacklist.

Description :

Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate
certification authority (CA) under Entrust and GTE CyberTrust, has
issued 22 certificates with weak 512-bit keys. When broken, these weak
encryption keys could allow an attacker to use the certificates
fraudulently to spoof content, perform phishing attacks, or perform
man-in-the-middle attacks against all Web browser users including users
of Internet Explorer. While this is not a vulnerability in a Microsoft
product, this issue affects all supported releases of Microsoft
Windows.

See also :

http://www.entrust.net/advisories/malaysia.htm

Solution :

Apply the relevant update provided by Microsoft.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Mobile Devices

Nessus Plugin ID: 62517

Bugtraq ID:

CVE ID: