SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)

Medium Nessus Plugin ID 103864


The X.509 certificate chain used by this service contains certificates with RSA keys that may have been improperly generated.


At least one of the X.509 certificates sent by the remote host has an RSA key that appears to be generated improperly, most likely by a TPM (Trusted Platform Module) produced by Infineon Technologies.
A third party may be able to recover the private key from the certificate's public key. This may allow an attacker to impersonate an HTTPS website or decrypt SSL/TLS sessions to the remote service.


Upgrade the firmware for all Infineon TPMs and revoke the affected certificates, including any certificates signed by an affected key.
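To decide which certificates need revoking, each RSA modulus can be screened for the fingerprint described in the published ROCA research: an affected modulus is a power of 65537 modulo every small prime. The following is an added example, not the plugin's own code; the function names and sample values are constructed for illustration, and the check only identifies keys, it does not recover them.

```python
# Added example: ROCA (CVE-2017-15361) fingerprint test on an RSA modulus.
# The modulus of a certificate can be printed with, for example:
#   openssl x509 -in cert.pem -noout -modulus
from math import prod

# Odd primes up to 167. Their product divides the primorial M that the flawed
# generator uses for every key size, so the test applies to all key lengths.
SMALL_PRIMES = [p for p in range(3, 168, 2)
                if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]
GENERATOR = 65537


def subgroup(g, p):
    """Return the set {g^k mod p}: the residues a flawed modulus may take."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * g) % p
    return seen


ALLOWED = {p: subgroup(GENERATOR, p) for p in SMALL_PRIMES}


def has_roca_fingerprint(modulus):
    """True if the modulus is a power of 65537 modulo every small prime."""
    return all(modulus % p in ALLOWED[p] for p in SMALL_PRIMES)


def parse_openssl_modulus(line):
    """Parse 'Modulus=ABCD...' as printed by openssl into an integer."""
    return int(line.strip().split("=", 1)[1], 16)


def constructed_flawed_shape(k1, a, k2, b):
    """Constructed sample: product of two factors k*M + (65537^a mod M).
    The factors are not checked for primality; only the residues matter here."""
    M = prod(SMALL_PRIMES) * 2
    return (k1 * M + pow(GENERATOR, a, M)) * (k2 * M + pow(GENERATOR, b, M))


if __name__ == "__main__":
    flawed = constructed_flawed_shape(12345, 77, 67890, 1234)
    normal = (2 ** 127 - 1) * (2 ** 89 - 1)  # constructed: two Mersenne primes
    for name, n in (("flawed-shape", flawed), ("normal", normal)):
        print(name, "FLAGGED" if has_roca_fingerprint(n) else "ok")
```

Run the check against every certificate in the chain, since a flagged intermediate or CA key means the certificates it signed must be replaced as well.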

Plugin Details

Severity: Medium

ID: 103864

File Name: ssl_weak_rsa_keys_roca.nasl

Version: 1.3

Type: remote

Family: General

Published: 2017/10/17

Modified: 2018/11/15

Dependencies: 57571

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:P

Reference Information

CVE: CVE-2017-15361

IAVA: 2017-A-0313