SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)

Nessus Plugin ID 103864 (Severity: Medium)


Synopsis

The X.509 certificate chain used by this service contains certificates with RSA keys that may have been improperly generated.


Description

At least one of the X.509 certificates sent by the remote host has an RSA key that appears to have been generated improperly, most likely by a TPM (Trusted Platform Module) produced by Infineon Technologies.

A third party may be able to recover the private key from the certificate's public key. This may allow an attacker to impersonate an HTTPS website or decrypt SSL/TLS sessions to the remote service.


Solution

Upgrade the firmware for all Infineon TPMs and revoke the affected certificates, including any certificates signed by an affected key.

Plugin Details

Severity: Medium

ID: 103864

File Name: ssl_weak_rsa_keys_roca.nasl

Version: 1.8

Type: remote

Family: General

Published: 10/17/2017

Updated: 10/26/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2.0

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-15361

CVSS v3.0

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2017-15361

IAVA: 2017-A-0313