
Nessus Plugin Spotlight: SSL Certificates

During the past few weeks, the Tenable R&D team has created several plugins to enhance SSL certificate auditing. Nessus identifies SSL certificates on any port and launches dozens of plugins to check them for a variety of weaknesses and vulnerabilities. Three new plugins extend that capability so you can audit your organization more effectively.

SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions

Tenable has released a plugin titled “SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions” (ID# 56284) to help users verify X.509 / SSL certificate chains. Based on RFC 3280 guidelines, Nessus examines every SSL certificate it finds, on any port, to verify that it adheres to the basic constraints and key usage extensions. If any X.509 certificate in a chain violates those constraints or usage rules, Nessus reports the violations. Such a finding means that a root or intermediate Certificate Authority (CA) signed a certificate incorrectly.

Per RFC 3280, an X.509 certificate must follow these rules:

  • The key usage extension must appear in certificates that contain public keys and must be marked critical. (Section 4.2.1.3)
  • If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension must also be asserted. (Section 4.2.1.3)
  • The pathLenConstraint field must be greater than or equal to zero. (Section 4.2.1.10)
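The following is an added example (not Tenable's plugin code) that applies the three rules above to a certificate chain, plus the related path checks that every issuer must carry cA=TRUE and that a CA's pathLenConstraint bounds the number of intermediates beneath it. The `Cert` dataclass is a simplified, assumed model of the relevant extension fields rather than a parsed X.509 structure, and the chains in the test are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass
class Cert:
    """Only the fields the RFC 3280 rules need (a simplified model, not a parsed X.509 cert)."""
    subject: str
    key_usage: Optional[FrozenSet[str]] = None  # None = keyUsage extension absent
    key_usage_critical: bool = False
    is_ca: Optional[bool] = None                # basicConstraints.cA (None = extension absent)
    path_len: Optional[int] = None              # basicConstraints.pathLenConstraint

def check_cert(cert: Cert) -> List[str]:
    """Apply the three RFC 3280 rules to one certificate; return the violations found."""
    problems = []
    if cert.key_usage is None:
        problems.append("keyUsage extension missing")
    elif not cert.key_usage_critical:
        problems.append("keyUsage extension not marked critical")
    if cert.key_usage and "keyCertSign" in cert.key_usage and not cert.is_ca:
        problems.append("keyCertSign asserted but basicConstraints cA is not TRUE")
    if cert.path_len is not None and cert.path_len < 0:
        problems.append("pathLenConstraint is negative")
    return problems

def check_chain(chain: List[Cert]) -> Dict[str, List[str]]:
    """Audit a chain ordered leaf first (leaf, intermediate(s), root).
    Besides the per-certificate rules, every issuer must be a CA, and a CA's
    pathLenConstraint limits how many intermediate CAs may sit below it."""
    report = {c.subject: check_cert(c) for c in chain}
    issuers = chain[1:]                      # nearest issuer first
    for depth, ca in enumerate(issuers):     # depth = number of CAs below this one
        if not ca.is_ca:
            report[ca.subject].append("used as an issuer but cA is not TRUE")
        if ca.path_len is not None and depth > ca.path_len:
            report[ca.subject].append(
                f"pathLenConstraint={ca.path_len} exceeded ({depth} CA(s) below it)")
    return report

def chain_is_clean(chain: List[Cert]) -> bool:
    """True when no certificate in the chain produced a finding."""
    return all(not findings for findings in check_chain(chain).values())
```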

SSL Certificate signed with revoked DigiNotar Certificate Authority

In August, a Certificate Authority (CA) called DigiNotar was found to have been compromised after Google discovered that the company had issued a certificate for google.com that Google had not authorized. The compromise of DigiNotar caused serious concern over what other certificates may have been issued and whether they had been used maliciously. Ultimately, 531 certificates were found to have been issued, including ones for *.*.com, *.*.org and other Certificate Authorities.

Nessus plugin ID# 56043 examines every SSL certificate it discovers to determine whether it was issued by DigiNotar. Any DigiNotar-issued certificate should be revoked and re-issued to ensure integrity.

SSL Certificate Null Character Spoofing Weakness

Nessus also uses plugin ID# 42053 to examine SSL certificates for a Common Name containing a Null character (\x00). This may indicate a compromise, or that a program such as SSLsniff is spoofing the certificate in order to intercept traffic via a Man-in-the-Middle (MitM) attack. Certificates containing such a character can exploit a bug in many web browsers and other SSL-related products in how they validate the Common Name: the validator treats the name as a C string and stops at the first null byte, so only the portion before it is compared against the host name.
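As an added example (not the plugin's own code), the functions below contrast the flawed, NUL-truncating match with a length-aware one and produce the kind of finding the plugin raises; the Common Name used in the test is constructed and the function names are assumptions.

```python
from typing import Optional

def _name_matches(pattern: str, host: str) -> bool:
    """RFC 2818-style match: exact, or a wildcard in the left-most label only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        host_labels = host.split(".")
        return len(host_labels) >= 2 and ".".join(host_labels[1:]) == pattern[2:]
    return pattern == host

def flawed_cn_match(cn: str, host: str) -> bool:
    """Emulates a validator that hands the CN to C string routines: the
    comparison stops at the first NUL byte, so anything after it is ignored."""
    effective_cn = cn.split("\x00", 1)[0]
    return _name_matches(effective_cn, host)

def strict_cn_match(cn: str, host: str) -> bool:
    """Length-aware check: a NUL can never occur in a real DNS name, so the
    whole CN is compared and any embedded NUL is a hard failure."""
    if "\x00" in cn:
        return False
    return _name_matches(cn, host)

def audit_common_name(cn: str) -> Optional[str]:
    """Return a finding describing an embedded NUL, or None when the CN is clean."""
    idx = cn.find("\x00")
    if idx == -1:
        return None
    return (f"Common Name contains a NUL byte at offset {idx}: "
            f"truncating validators compare {cn[:idx]!r} instead of {cn!r}")
```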

Conclusion

Organizations rely on the integrity of Certificate Authorities to provide trust between the certificate owner and the parties relying on the certificate. Attackers can exploit this trust if they compromise the Certificate Authority. These new Nessus plugins help validate that this trust is not misplaced.
