SSL Certificate Chain Contains Illegitimate TURKTRUST Intermediate CA

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The SSL certificate chain for this service is not to be trusted.

Description :

The X.509 certificate chain sent by the remote host either contains or
is signed by an intermediate Certificate Authority (CA) that was
accidentally issued by TURKTRUST.

Certificate chains descending from this intermediate CA could allow an
attacker to perform man-in-the-middle attacks and decode traffic.

See also :

http://technet.microsoft.com/en-us/security/advisory/2798897
http://www.nessus.org/u?4d896fab
http://www.nessus.org/u?d92931ec
http://www.turktrust.com.tr/kamuoyu-aciklamasi.2.html

Solution :

Ensure that your software or operating system blacklists the
intermediate CAs.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

Family: General

Nessus Plugin ID: 63398

Bugtraq ID:

CVE ID: