Detections
Analytics

SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)

medium Nessus Plugin ID 103864

Language:

Synopsis

The X.509 certificate chain used by this service contains certificates with RSA keys that may have been improperly generated.

Description

At least one of the X.509 certificates sent by the remote host has an RSA key that appears to be generated improperly, most likely by a TPM (Trusted Platform Module) produced by Infineon Technologies.
A third party may be able to recover the private key from the certificate's public key. This may allow an attacker to impersonate an HTTPS website or decrypt SSL/TLS sessions to the remote service.

Solution

Upgrade the firmware for all Infineon TPMs and revoke the affected certificates, including any certificates signed by an affected key.

See Also

https://crocs.fi.muni.cz/public/papers/rsa_ccs17

http://www.nessus.org/u?9357cd2f

http://www.nessus.org/u?3495f5d8

https://support.hp.com/us-en/document/c05792935

https://support.lenovo.com/us/en/product_security/len-15552

http://www.nessus.org/u?5b614caf

Plugin Details

Severity: Medium

ID: 103864

File Name: ssl_weak_rsa_keys_roca.nasl

Version: 1.8

Type: remote

Family: General

Published: 10/17/2017

Updated: 10/26/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-15361

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2017-15361

IAVA: 2017-A-0313