SSL Revoked Certificate Detection

critical Nessus Network Monitor Plugin ID 5840

Synopsis

The remote host has been compromised and is running a 'Backdoor' program

Description

The remote SSL server is using a certificate which has been revoked. The particular SSL certificate has a serial number of '\x04\x7e\xcb\xe9\xfc\xa5\x5f\x7b\xd0\x9e\xae\x36\xe1\x0c\xae\x1e' and an Issuer of USERTRUST.

Solution

There is a high probability that your server has been compromised. You should manually inspect and fix this system.

See Also

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

Plugin Details

Severity: Critical

ID: 5840

Version: 1.2

Family: Backdoors

Published: 3/23/2011

Updated: 12/12/2016