SSL / TLS Certificate Known Hard Coded Private Keys
Medium Nessus Plugin ID 121008
SynopsisKnown SSL / TLS private keys in use.
DescriptionThe remote host is running a service that is using a publicly known SSL / TLS private key.
An attacker may use this key to decrypt intercepted traffic between users and the device.
A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data in transit.
SolutionWhere possible, change the X.509 certificates so that they are unique to the device or contact vendor for guidance.