Hi,
I have got a vulnerability "SSL Certificate Signed Using A Weak
Signature Algorithm" in one of our Windows servers.
Tried the below steps:
Installed IIS Crypto, removed SHA.
Did a server restart.
Vulnerability still remains the same.
Also, we are not able to make RDP connections to the server, as root certificates
are using SHA1 for remote services.
Any suggestions are much appreciated.

Medium (CVSS: 4.0)
NVT: SSL Certificate Signed Using A Weak Signature Algorithm
Service: 3389

Summary
The remote service is using a SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm.

Vulnerability Detection Result
The certificates are part of the certificate chain but using
insecure signature algorithms:
Signature Algorithm: sha1WithRSAEncryption

Vulnerability Insight
Secure Hash Algorithm 1 (SHA-1) is considered cryptographically weak and not
secure enough for ongoing use. Beginning as late as January 2017 and as early as
June 2016, browser developers such as Microsoft and Google will begin warning
users when users visit web sites that use SHA-1 signed Secure Socket Layer (SSL)
certificates. Servers that use SSL certificates signed using an SHA-1 signature
will need to obtain new SHA-2 signed SSL certificates to avoid these web browser
SSL certificate warnings.
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
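
An added example, not part of the original post or of OpenVAS: a PowerShell check, run in an elevated session on the affected server, that finds the certificate bound to the RDP listener on port 3389 and lists the signature algorithm of each certificate in its chain, which is the property the scan result reports. The list of weak OIDs and the two certificate stores searched are choices made for this example.

```powershell
# Added example: report the signature algorithm of every certificate in the
# chain served by the RDP listener (TCP 3389). Run elevated on the server.

# Signature algorithm OIDs built on MD2, MD5 or SHA-1 (list chosen for this example).
$weakOids = @{
    '1.2.840.113549.1.1.2' = 'md2WithRSAEncryption'
    '1.2.840.113549.1.1.4' = 'md5WithRSAEncryption'
    '1.2.840.113549.1.1.5' = 'sha1WithRSAEncryption'
    '1.2.840.10040.4.3'    = 'dsaWithSHA1'
    '1.2.840.10045.4.1'    = 'ecdsa-with-SHA1'
}

# The RDP-Tcp listener stores the thumbprint of the certificate it presents.
# The thumbprint is a SHA-1 hash used only as an identifier; it is not the
# signature algorithm the scanner is reporting on.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumbprint = $listener.SSLCertificateSHA1Hash

# Locate that certificate in the machine stores RDP normally uses.
$stores = 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object Thumbprint -eq $thumbprint |
    Select-Object -First 1
if (-not $cert) { throw "Certificate $thumbprint not found in: $($stores -join ', ')" }

# Build the chain locally. Build() returns $false for an untrusted or
# self-signed chain, but ChainElements is still populated, so ignore the result.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
[void]$chain.Build($cert)

# One row per chain element, leaf first.
$chain.ChainElements | ForEach-Object {
    $c = $_.Certificate
    [pscustomobject]@{
        Subject            = $c.Subject
        SelfSigned         = ($c.Subject -eq $c.Issuer)
        SignatureAlgorithm = $c.SignatureAlgorithm.FriendlyName
        Oid                = $c.SignatureAlgorithm.Value
        Weak               = $weakOids.ContainsKey($c.SignatureAlgorithm.Value)
        NotAfter           = $c.NotAfter
    }
} | Format-Table -AutoSize
```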