SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

A known CA SSL certificate in the certificate chain has been signed
using a weak hashing algorithm.

Description :

The remote service uses a known CA certificate in the SSL certificate
chain that has been signed using a cryptographically weak hashing
algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms
are known to be vulnerable to collision attacks. An attacker can
exploit this to generate another certificate with the same digital
signature, allowing the attacker to masquerade as the affected

Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.
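The check described above can be reproduced with the Python standard library alone. The following is an added example, not Tenable's plugin code: it reads the signatureAlgorithm OID and the notAfter date from a DER certificate and applies the rule from the note. It assumes SHA-1 is reported only when the certificate expires after January 1, 2017; the function names and the sample certificate skeletons are constructed for illustration.

```python
from datetime import datetime, timezone

# DER-encoded signatureAlgorithm OIDs for the weak hashes named in the description.
WEAK = {"2a864886f70d010102": "md2WithRSAEncryption",
        "2a864886f70d010103": "md4WithRSAEncryption",
        "2a864886f70d010104": "md5WithRSAEncryption",
        "2a864886f70d010105": "sha1WithRSAEncryption"}
SHA1_CUTOFF = datetime(2017, 1, 1, tzinfo=timezone.utc)

def children(buf):
    """Split a DER value into its (tag, value) child elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def weak_signature(der):
    """Return the weak algorithm name if the certificate should be reported, else None."""
    (_, cert), = children(der)
    (_, tbs), (_, sig_alg) = children(cert)[:2]
    fields = children(tbs)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    tag, raw = children(fields[3][1])[1]  # serial, signature, issuer, validity -> notAfter
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        text = ("19" if text[:2] >= "50" else "20") + text
    not_after = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    name = WEAK.get(children(sig_alg)[0][1].hex())
    if name and name.startswith("sha1") and not_after <= SHA1_CUTOFF:
        return None  # assumption: SHA-1 is reported only past the cutoff date
    return name

# The two helpers below only build constructed sample input; they are not real certificates.
def tlv(tag, *parts):
    body = b"".join(parts)
    head = [len(body)] if len(body) < 128 else [0x81, len(body)]
    return bytes([tag] + head) + body

def sample_cert(oid_hex, not_after):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)), tlv(0x05))
    validity = tlv(0x30, tlv(0x17, b"150101000000Z"), tlv(0x17, not_after.encode()))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              tlv(0x30), validity, tlv(0x30))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00" * 129))
```

For a real chain, convert each PEM certificate with ssl.PEM_cert_to_DER_cert before passing it to weak_signature.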

See also :

Solution :

Contact the Certificate Authority to have the certificate reissued.

Risk factor :


Family: General

Nessus Plugin ID: 95631

Bugtraq ID: 11849

CVE ID: CVE-2004-2761
