This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote service is using a well-known SSL certificate whose private
key has been published.
The X.509 certificate of the remote host is known to ship by default
with the remote service / device. The private key for this cert has
been published, therefore the SSL communications done with the remote
host cannot be considered secret as anyone with the ability to snoop the
traffic between the remote host and the clients could decipher the
traffic or launch a man-in-the-middle attack.
See also :
Purchase or generate a proper certificate for this service and replace
it, or ask your vendor for a way to do so.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : false
Nessus Plugin ID: 72245 ()
Bugtraq ID: 65101
CVE ID: CVE-2014-0675
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.