SSL Certificate Signed Using Weak Hashing Algorithm
high Nessus Plugin ID 35291
Language:
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Solution
Contact the Certificate Authority to have the SSL certificate reissued.See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
Plugin Details
Severity: High
ID: 35291
File Name: ssl_weak_hash.nasl
Version: 1.32
Type: remote
Family: General
Published: 1/5/2009
Updated: 1/14/2022
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Temporal Vector: E:POC/RL:OF/RC:C
CVSS Score Source: CVE-2004-2761
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ietf:md5, cpe:/a:ietf:x.509_certificate
Required KB Items: SSL/Chain/WeakHash
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 8/18/2004
Reference Information
CVE: CVE-2004-2761