Ssl Tls Server Accepts Short Rsa Key
Description
This detector identifies SSL/TLS servers that use RSA certificates with cryptographically weak key sizes. Short RSA keys (typically less than 2048 bits) are vulnerable to factorization attacks and do not provide adequate security for modern encryption standards.
Detection Strategy
• Establishes SSL/TLS connection to the target server
• Extracts the server's X.509 certificate from the SSL handshake
• Examines the certificate's public key to determine if it uses RSA encryption
• Measures the RSA key size in bits
• Reports a vulnerability when the RSA key size is below the minimum secure threshold (typically 2048 bits)
• Includes the actual key size found in the vulnerability report
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.