Detections
Analytics
Well-known SSL Certificate Used in Remote Device
medium Nessus Plugin ID 51356
Language:
Synopsis
The remote service is using a well-known SSL certificate whose private key has been published.Description
The X.509 certificate of the remote host is known to be shipping by default with the remote service / device. The private key for this cert has been published, therefore the SSL communications done with the remote host can not be considered as being secret as anyone with the ability to snoop the traffic between the remote host and the clients could decipher the traffic.Solution
Purchase or generate a proper certificate for this service and replace it, or ask your vendor for a way to do so.See Also
http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/
Plugin Details
Severity: Medium
ID: 51356
File Name: ssl_known_cert.nasl
Version: 1.8
Type: remote
Family: General
Published: 12/21/2010
Updated: 8/7/2012
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: SSL/Supported