SSL Certificate Chain Contains Illegitimate TURKTRUST Intermediate CA

medium Nessus Plugin ID 63398

The SSL certificate chain for this service is not to be trusted.


The X.509 certificate chain sent by the remote host either contains or is signed by an intermediate Certificate Authority (CA) that was accidentally issued by TURKTRUST.

Certificate chains descending from this intermediate CA could allow an attacker to perform man-in-the-middle attacks and decode traffic.


Ensure that your software or operating system blacklists the intermediate CAs.

Plugin Details

Severity: Medium

ID: 63398

File Name: ssl_turktrust.nasl

Version: 1.5

Type: remote

Family: General

Published: 1/7/2013

Updated: 10/26/2020

Dependencies: ssl_supported_versions.nasl

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Base Score: 4

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, SSL/Supported

Vulnerability Publication Date: 12/26/2012