SSL Self-Signed Certificate

Severity: medium | Nessus Plugin ID 57582

Synopsis

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Description

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this defeats the purpose of SSL, since clients have no way to distinguish the legitimate certificate from one presented by an attacker, and anyone on the network path could mount a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
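The distinction in the note above (a chain ending in a self-signed certificate versus one ending in a certificate signed by an unrecognized CA) is easy to reproduce locally. The script below is an added example written for this page; it is not the plugin's own NASL code and does not reproduce how Nessus performs the check. It assumes the `openssl` command-line tool is installed, generates two throwaway certificates in a temporary directory (a self-signed leaf and a leaf issued by a constructed private CA that no trust store knows), and classifies each the way the plugin's note describes: a certificate counts as self-signed only when subject and issuer match and the certificate verifies under its own key, so a certificate that merely claims an issuer equal to its subject but carries a different CA's signature is not misclassified. The names `demo.example`, `Demo Private CA` and `leaf.example` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of Nessus plugin 57582): classify a PEM certificate as
#   "self-signed" - subject == issuer AND the signature verifies with the cert's own key
#   "unknown-ca"  - anything else (e.g. issued by a private CA absent from the trust store)
# Requires the openssl CLI. All certificates are constructed locally in a temp dir.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build the demo material: one self-signed leaf, one leaf signed by a private CA.
make_demo_certs() {
    # Self-signed leaf: the certificate is its own issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" \
        -subj "/CN=demo.example" >/dev/null 2>&1

    # Constructed private CA (not in any system trust store).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
        -subj "/CN=Demo Private CA" >/dev/null 2>&1

    # Leaf issued by that private CA: NOT self-signed, but still "unrecognized".
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" \
        -subj "/CN=leaf.example" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$WORK/leaf.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Print "self-signed" or "unknown-ca" for the PEM file given as $1.
classify_cert() {
    cert="$1"
    subject=$(openssl x509 -in "$cert" -noout -subject)
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    # Strip the "subject=" / "issuer=" prefixes so the two DNs compare directly.
    subject_dn=${subject#subject=}
    issuer_dn=${issuer#issuer=}

    # Name match alone is not enough: confirm the signature was made with the
    # certificate's own key by using the certificate as the sole trust anchor.
    if [ "$subject_dn" = "$issuer_dn" ] \
        && openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "self-signed"
    else
        echo "unknown-ca"
    fi
}

# Returns 0 when the certificate chains to the host's default trust store,
# 1 otherwise. Both demo certificates are expected to return 1, which is the
# condition the plugin's synopsis ("unrecognized") refers to.
trusted_by_system() {
    openssl verify "$1" >/dev/null 2>&1
}

make_demo_certs

for c in self leaf; do
    kind=$(classify_cert "$WORK/$c.pem")
    if trusted_by_system "$WORK/$c.pem"; then trust=trusted; else trust=untrusted; fi
    echo "$c.pem: $kind, $trust by system store"
done
```

Run it as-is; the first line of output describes `self.pem` as self-signed and the second describes `leaf.pem` as unknown-ca, and both are reported as untrusted by the system store. Only the first case would trigger plugin 57582; the second is the situation the plugin's note explicitly excludes.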

Solution

Purchase or generate a proper SSL certificate for this service.

Plugin Details

Severity: Medium

ID: 57582

File Name: ssl_self_signed_certificate.nasl

Version: 1.6

Type: remote

Family: General

Published: 1/17/2012

Updated: 6/14/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on an analysis of the vulnerability by Tenable.

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Required KB Items: SSL/Chain/SelfSigned