Ssl Tls Certificate Weak Signature Sha1

Description

This detector identifies SSL/TLS certificates that use weak SHA-1 signature algorithms. SHA-1 is cryptographically broken and vulnerable to collision attacks, making certificates signed with SHA-1 unsuitable for secure communications and deprecated by major browsers and certificate authorities.

Weakness:

262 - Insecure encryption algorithm - SHA1

Category: Information Collection

Detection Strategy

• Establishes SSL/TLS connection to the target server

• Examines the X.509 certificate presented by the server

• Checks if the certificate's signature hash algorithm is SHA-1

• Reports vulnerability when SHA-1 signature algorithm is detected in the certificate

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.