SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)

Medium Nessus Plugin ID 103864

Synopsis

The X.509 certificate chain used by this service contains certificates with RSA keys that may have been improperly generated.

Description

At least one of the X.509 certificates sent by the remote host has an RSA key that appears to be generated improperly, most likely by a TPM (Trusted Platform Module) produced by Infineon Technologies.
A third party may be able to recover the private key from the certificate's public key. This may allow an attacker to impersonate an HTTPS website or decrypt SSL/TLS sessions to the remote service.

Solution

Upgrade the firmware for all Infineon TPMs and revoke the affected certificates, including any certificates signed by an affected key.

See Also

https://crocs.fi.muni.cz/public/papers/rsa_ccs17

http://www.nessus.org/u?9357cd2f

http://www.nessus.org/u?3495f5d8

https://support.hp.com/us-en/document/c05792935

https://support.lenovo.com/ca/en/product_security/len-15552

http://www.nessus.org/u?5b614caf

Plugin Details

Severity: Medium

ID: 103864

File Name: ssl_weak_rsa_keys_roca.nasl

Version: $Revision: 1.2 $

Type: remote

Family: General

Published: 2017/10/17

Modified: 2017/10/26

Dependencies: 57571

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:P

Reference Information

CVE: CVE-2017-15361

IAVA: 2017-A-0313