SSL Certificate Signed Using SHA-1 Algorithm

Nessus Plugin ID 86067

Synopsis

An SSL certificate in the certificate chain has been signed using the SHA-1 hashing algorithm.

Description

The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can potentially exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire on or between January 1, 2016 and December 31, 2016 as informational. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
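The check described above, sketched in Python as an added example (it is not the plugin's NASL code): it reads the signature algorithm OID and notAfter from one DER-encoded certificate, matches the OID against the SHA-1 signature OIDs in RFC 3279, and tests the 2016 expiry window. The verdict strings and the SAMPLE skeleton certificate are constructed for illustration.

```python
from datetime import datetime

# SHA-1 signature OIDs from RFC 3279: sha1WithRSAEncryption, id-dsa-with-sha1, ecdsa-with-SHA1
SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5", "1.2.840.10040.4.3", "1.2.840.10045.4.1"}

def tlv(buf, pos=0):
    """Read one DER element: return (tag, value, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):                # walk the contents of a constructed element
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid_text(raw):
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def classify(der):
    """Return (verdict, signature OID, notAfter); verdict strings are this example's labels."""
    tbs, sig_alg, _sig = children(tlv(der)[1])
    oid = oid_text(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    validity = fields[4 if fields[0][0] == 0xA0 else 3]  # skip optional [0] version
    tag, raw = children(validity[1])[1]                  # second element is notAfter
    text = raw.decode("ascii")
    if tag == 0x17:                                      # UTCTime: 2-digit year, pivot 50
        text = ("19" if text[:2] >= "50" else "20") + text
    not_after = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    if oid not in SHA1_SIG_OIDS:
        return "not-sha1", oid, not_after
    in_window = not_after.year == 2016                   # Jan 1 to Dec 31, 2016 inclusive
    return ("sha1-expires-2016" if in_window else "sha1-other-expiry"), oid, not_after

# Constructed skeleton (empty names, no key, empty signature), not a real certificate.
ALG = bytes.fromhex("300d06092a864886f70d0101050500")   # sha1WithRSAEncryption, NULL params
SAMPLE = (bytes.fromhex("304f303ba003020102020101") + ALG + bytes.fromhex("3000301e170d")
          + b"150101000000Z" + bytes.fromhex("170d") + b"160630235959Z"
          + bytes.fromhex("3000") + ALG + bytes.fromhex("030100"))
```

To cover a whole chain, call classify() on each certificate's DER bytes.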

See Also

https://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

https://tools.ietf.org/html/rfc3279

Plugin Details

Severity: Info

ID: 86067

File Name: ssl_sha1_hash_info.nasl

Version: 1.6

Type: remote

Family: General

Published: 9/22/2015

Updated: 1/25/2019

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: SSL/Chain/SHA-1/JAN-DEC-16