348 – Insecure digital certificates - Lifespan

Description

The certificates are valid for more than two years.

Impact

Increase the chances of the certificate being susceptible to zero-day vulnerabilities.

Recommendation

Generate a certificate that complies with recommended best practices.

Threat

Anonymous attacker from an adjacent network.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 088 - Request client certificates
• 089 - Limit validity of certificates
• 090 - Use valid certificates
• 091 - Use internally signed certificates
• 092 - Use externally signed certificates
• 093 - Use consistent certificates

Last updated

2024/02/19