This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Heather Adkins, Google's Information Security Manager, reported that
[...] reports of attempted SSL man-in-the-middle (MITM) attacks
against Google users, whereby someone tried to get between them and
encrypted Google services. The people affected were primarily located
in Iran. The attacker used a fraudulent SSL certificate issued by
DigiNotar, a root certificate authority that should not issue
certificates for Google (and has since revoked it). [...]
VASCO Data Security International Inc., owner of DigiNotar, issued a
press statement confirming this incident :
On July 19th 2011, DigiNotar detected an intrusion into its
Certificate Authority (CA) infrastructure, which resulted in the
fraudulent issuance of public key certificate requests for a number of
domains, including Google.com. [...] an external security audit
concluded that all fraudulently issued certificates were revoked.
Recently, it was discovered that at least one fraudulent certificate
had not been revoked at the time. [...]
Mozilla, maintainer of the NSS package, from which FreeBSD derived
ca_root_nss, stated that they :
revoked our trust in the DigiNotar certificate authority from all
Mozilla software. This is not a temporary suspension, it is a complete
removal from our trusted root program. Complete revocation of trust is
a decision we treat with careful consideration, and employ as a last
Three central issues informed our decision :
- Failure to notify. [...]
- The scope of the breach remains unknown. [...]
- The attack is not theoretical.
See also :
Update the affected packages.
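One way to verify the remediation after updating, as an added example that is not part of this plugin or of the ca_root_nss port: split a PEM CA bundle into its certificates, print each subject with the openssl CLI, and report any certificate whose subject still names DigiNotar. It assumes openssl is installed and that the bundle lives at /usr/local/share/certs/ca-root-nss.crt (that install path is an assumption, override it with BUNDLE=...). The demo bundle it can build contains throwaway self-signed certificates generated on the spot, constructed for the example; they are not the real DigiNotar roots.

```shell
#!/bin/sh
# Added example (not from the Nessus plugin or the ca_root_nss port):
# audit a PEM CA bundle for certificates whose subject matches a
# distrusted CA name. Requires the openssl command-line tool.
# The default bundle path is an assumption about where ca_root_nss
# installs its bundle on FreeBSD.
BUNDLE="${BUNDLE:-/usr/local/share/certs/ca-root-nss.crt}"

# Print the subject of every certificate in a PEM bundle, one per line.
bundle_subjects() {
    bundle="$1"
    tmp=$(mktemp -d) || return 1
    # awk copies each BEGIN..END CERTIFICATE block into its own file;
    # comment lines between blocks are dropped.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        openssl x509 -in "$f" -noout -subject
    done
    rm -rf "$tmp"
}

# Count certificates whose subject contains the pattern (case-insensitive).
# grep -c prints 0 and exits non-zero when nothing matches, so mask that.
distrusted_count() {
    bundle_subjects "$1" | grep -ic -- "$2" || true
}

# Return non-zero (and say which subjects matched) if any distrusted
# certificate is still present in the bundle.
check_bundle() {
    n=$(distrusted_count "$1" "$2")
    if [ "$n" -gt 0 ]; then
        echo "FAIL: $n certificate(s) matching '$2' still trusted in $1:"
        bundle_subjects "$1" | grep -i -- "$2"
        return 1
    fi
    echo "OK: no certificate matching '$2' in $1"
}

# Constructed demo bundle: two self-signed throwaway roots, one of them
# named like the distrusted CA. Generated here for illustration only;
# these are not the real DigiNotar certificates.
make_demo_bundle() {
    out="$1"
    dir=$(mktemp -d) || return 1
    for name in "Example Root CA" "DigiNotar Root CA"; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Demo/CN=$name" \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
        cat "$dir/cert.pem" >> "$out"
    done
    rm -rf "$dir"
}

# Stand-alone use: audit the real bundle when it exists on this host.
if [ -f "$BUNDLE" ]; then
    check_bundle "$BUNDLE" DigiNotar
fi
```

On a patched host the check prints OK; on one still carrying the old ca_root_nss bundle it lists the offending subjects and exits non-zero, which makes it usable from a cron job or a configuration-management run. Matching on the subject name is deliberately coarse: a stricter version would compare SHA-256 fingerprints against a distrust list rather than strings.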
Risk factor :