SSL Certificate Signed Using Weak Hashing Algorithm

Medium Nessus Plugin ID 35291

Synopsis

An SSL certificate in the certificate chain has been signed using a
weak hash algorithm.

Description

The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.

Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.

Solution

Contact the Certificate Authority to have the certificate reissued.

See Also

https://tools.ietf.org/html/rfc3279

http://www.nessus.org/u?9bb87bf2

http://www.nessus.org/u?e120eea1

http://www.nessus.org/u?5d894816

http://www.nessus.org/u?51db68aa

http://www.nessus.org/u?9dc7bfba

Plugin Details

Severity: Medium

ID: 35291

File Name: ssl_weak_hash.nasl

Version: 1.29

Type: remote

Family: General

Published: 2009/01/05

Modified: 2018/12/13

Dependencies: 57571

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2004-2761

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: cpe:/a:ietf:md5, cpe:/a:ietf:x.509_certificate

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/08/18

Reference Information

CVE: CVE-2004-2761

BID: 11849, 33065

CERT: 836068

CWE: 310