Windows Phone7 < 7.10.8107 Out-of-Date SSL Certificate Blacklist

medium Nessus Plugin ID 62517

Synopsis

The Windows Phone 7 device has an out-of-date SSL certificate blacklist.

Description

Microsoft is aware that DigiCert Sdn. Bhd., a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512-bit keys. When broken, these weak encryption keys could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Solution

Apply the relevant update provided by Microsoft.

See Also

http://www.entrust.net/advisories/malaysia.htm

Plugin Details

Severity: Medium

ID: 62517

File Name: windows_phone7_10_8107.nbin

Version: 1.94

Type: local

Published: 10/12/2012

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:windows:winphone

Required KB Items: mdm/dependency/unlocked

Patch Publication Date: 11/10/2011

Vulnerability Publication Date: 11/10/2011