SSL/TLS Certificate Signed Using Weak Hashing Algorithm

Medium Web Application Scanning Plugin ID 112542

Synopsis

SSL/TLS Certificate Signed Using Weak Hashing Algorithm

Description

The remote server uses an SSL/TLS certificate that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.

Solution

Purchase or generate a new SSL/TLS certificate that uses a SHA-2 signature algorithm to replace the existing one.
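To confirm the finding or verify a replacement certificate, the check below reads the outer signatureAlgorithm OID from a DER-encoded certificate and flags the MD2/MD4/MD5/SHA-1 variants. It is an added example using only the Python standard library, not the plugin's own logic; the function names are hypothetical and the sample inputs are constructed skeletons (zero-filled TBS, dummy signature), not real certificates.

```python
WEAK = {  # signatureAlgorithm OIDs that use MD2, MD4, MD5 or SHA-1
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):  # base-128 arcs; the first value packs the first two arcs
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check(cert_der):
    """Return (oid, weak_name_or_None) for Certificate.signatureAlgorithm."""
    tag, start, _ = read_tlv(cert_der, 0)             # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, start)         # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)     # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if (tag, oid_tag) != (0x30, 0x06):
        raise ValueError("not a DER X.509 certificate")
    oid = decode_oid(cert_der[oid_start:oid_end])
    return oid, WEAK.get(oid)

def tlv(tag, body):  # minimal DER encoder (length < 256), used only for samples
    return bytes([tag]) + (b"\x81" if len(body) > 127 else b"") + bytes([len(body)]) + body

def sample(oid_body):  # constructed skeleton: zero-filled TBS, dummy signature
    alg = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(200)) + alg + tlv(0x03, b"\x00"))

SAMPLES = [sample(bytes.fromhex(h)) for h in ("2a864886f70d010105", "2a864886f70d01010b")]
```

For a live server, ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port))) yields the DER bytes to pass to check(). RSASSA-PSS carries its hash in the algorithm parameters rather than the OID, so it returns None here and needs a separate look.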

Plugin Details

Severity: Medium

ID: 112542

Type: remote

Family: SSL/TLS

Published: 2019/02/04

Updated: 2019/02/04

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference Information

CWE: 327

WASC: Insufficient Transport Layer Protection

OWASP: 2010-A9, 2013-A6, 2017-A3