OpenSSL < 0.9.8k Signature Repudiation
Severity: Low
Nessus Plugin ID: 17764
Synopsis
The remote server is affected by a signature repudiation vulnerability.
Description
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8k. As such, it may allow a valid signer to generate invalid signatures that would appear valid and could be repudiated later.
This only affects CMS users. CMS appeared in OpenSSL 0.9.8h.
Solution
Upgrade to OpenSSL 0.9.8k or later.