SSL Revoked Certificate Detection

Critical Nessus Network Monitor Plugin ID 5841

Synopsis

The remote host has been compromised and is running a 'Backdoor' program

Description

The remote SSL server is using a certificate which has been revoked. The particular SSL certificate has a serial number of '\x00\xf5\xc8\x6a\xf3\x61\x62\xf1\x3a\x64\xf5\x4f\x6d\xc9\x58\x7c\x06' and an Issuer of USERTRUST.

Solution

There is a high probability that your server has been compromised. You should manually inspect and fix this system.

See Also

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

Plugin Details

Severity: Critical

ID: 5841

File Name: 5841.prm

Family: Backdoors

Published: 2011/03/23

Modified: 2016/01/15

Dependencies: 5620

Risk Information

Risk Factor: Critical