How to fix the vulnerability issues in my Production server:
Insecure Certificate Signature Algorithm in Use, CVE-2004-2761
The certificate signature algorithm in use is deemed insecure due to its susceptibility to a collision attack. This vulnerability could allow attackers to conduct spoofing attacks.
Subject: /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
Issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Certificate Chain Depth: 0
Certificate Signature Algorithm: sha1WithRSAEncryption
If a SHA-1 signature algorithm is in use, it will be flagged if the certificate does not expire before January 1, 2017. Major browser vendors (Microsoft, Google, and Mozilla) have committed to completely deprecating the acceptance of SHA-1 in their browsers by 2017 due to its known weaknesses.
http://ift.tt/1DLs2AQ
Remediation: Update all certificates to use a secure hash function such as SHA-2 or greater as its signature algorithm.
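To confirm the finding before and after replacing certificates, the scanner's rule can be applied to local PEM files with openssl. This script is an added example, not part of the original post or the scanner's own logic; the function names `classify_cert` and `audit_cert` and the verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the rule quoted in the finding to PEM certificate files.
# A SHA-1 signature is flagged unless the certificate expires before 2017-01-01.

# classify_cert ALG NOT_AFTER
#   ALG        signature algorithm name as printed by openssl
#   NOT_AFTER  expiry as printed by `openssl x509 -enddate`,
#              e.g. "Jan  1 00:00:00 2017 GMT" (year is the 4th field)
# Prints FLAGGED, EXPIRING or OK (labels chosen for this example).
classify_cert() {
    alg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    year=$(printf '%s\n' "$2" | awk '{print $4}')
    case "$alg" in
        *md5*|*md2*)
            # Weaker than SHA-1, so flagged regardless of expiry
            # (an addition beyond the rule quoted in the finding).
            echo FLAGGED ;;
        *sha1*)
            # "Expires before January 1, 2017" means an expiry year of 2016 or earlier.
            if [ "$year" -ge 2017 ]; then echo FLAGGED; else echo EXPIRING; fi ;;
        *)
            echo OK ;;
    esac
}

# audit_cert FILE: read the first certificate in a PEM file and print
# verdict, signature algorithm, expiry and file name, tab-separated.
audit_cert() {
    alg=$(openssl x509 -in "$1" -noout -text |
          awk -F': ' '/Signature Algorithm:/ {print $2; exit}')
    end=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    printf '%s\t%s\t%s\t%s\n' "$(classify_cert "$alg" "$end")" "$alg" "$end" "$1"
}

# Audit every file named on the command line, one certificate per file.
for f in "$@"; do
    audit_cert "$f"
done
```

Run it against each certificate the server presents, one file per certificate: the Subject in the finding is a CA certificate (CN=RapidSSL CA), so the intermediate needs checking as well as the site certificate.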