SSL Certificate Signed Using Weak Hashing Algorithm

  • Thread starter Sandeep Kumar Reddy Lingampalli
  • Start date
S

Sandeep Kumar Reddy Lingampalli

Tenable Scan provides the below report but i dont see any certificate with MD2, MD4, MD5, or SHA1. Could you please advise the fix for this case?An SSL certificate in the certificate chain has been signed using a weak hash algorithm.The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affec

Continue reading...
 
You must log in or register to reply here.

Similar threads

L
Create EFS certificate with custom cipher options
Replies
0
Views
244
LaurFlorin
L
Y
Certificate Templates Folder Missing From Certification Authority Hierarchy
Replies
0
Views
400
YeskeJA
Y
O
RDS farm - valid certificate generate error
Replies
0
Views
2K
octavmarius
O
U
Certificate Authority Signing SHA-1 (Instead of Requested SHA-256)
Replies
0
Views
268
UpTide
U
B
Subordinate Certificate Authority fails to start (crypt_e_revocation_offline) under 3rd party root CA
Replies
0
Views
876
bitor_mk2
B
Back
Top Bottom