SSL Certificate Signed with the Compromised FortiGate Key

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The SSL certificate for this service was signed by a certificate
authority (CA) whose private key has been compromised.

Description :

The X.509 certificate of the remote host was signed by a certificate
belonging to a Certificate Authority (CA) found in FortiGate devices.
The private key corresponding to the CA has been compromised, meaning
that the remote host's X.509 certificate cannot be trusted.

Certificate chains descending from this CA could allow an attacker to
perform man-in-the-middle attacks and decode traffic.

Solution :

Configure the device to use a device-specific CA certificate.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 62969

Bugtraq ID: 56382

CVE ID: CVE-2012-4948
