
MohamedSulaiman (Customer) to rsaSFDCadmin (RSA): asked a question.
Vulnerability
Hi,
We have the following vulnerability on our RSA Authentication Manager:
CVE-2004-2761
---
SSL Certificate Signed Using Weak Hashing Algorithm
Kindly help us to mitigate the same.

Thank you for contacting the RSA Customer Support team. Please note that we
have tried getting in contact with you on support ticket 02472834 but it would
seem you are not receiving our emails. Please confirm if your mail server is
blocking emails coming from caseupdate@securid.com.

Regarding your query about CVE-2004-2761, this is related to SSL Certificate
Weak Signing Algorithm. The flaw exists but does not add any risk. The
certificate is required for legacy protocol support. The signing algorithm is
not relevant to protocol security. Please let me know should you require
further details on this vulnerability.

Enabling TLS 1.2 will not change this internal certificate and it also cannot
be replaced with a third party certificate as the certificates are provided to
the customer as a part of their license. These are derived from the SDTI CA
(Security Dynamics Technologies, Inc. Primary CA Root 1) and the server certs
are signed with an md5rsa algorithm in manufacturing. They are generated
uniquely for each customer license.

We do recommend that you enable strict TLS 1.2 and when you do, you will need
to restart the services. If you have replica instances, you should not have
any downtime. Please let me know if you have any further questions in regard
to the case that has been raised.
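
To confirm which certificate a scanner finding like this refers to, the signature algorithm can be read straight from the certificate itself. The following is an added example, not part of the thread and not RSA's code; it uses only the Python standard library, the function names are chosen here, and the sample certificate bytes are a constructed skeleton rather than a real RSA Authentication Manager certificate.

```python
import ssl  # stdlib; used only for PEM -> DER conversion

# RSA signature OIDs (PKCS #1) -> (name, signed with a weak hash?)
SIG_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", True),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:  # base-128 digits; high bit set means more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def check_certificate(cert):
    """DER bytes or PEM string -> (signature algorithm, weak?); weak is None if unknown."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    tag, start, _ = read_tlv(der, 0)                # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)            # skip over tbsCertificate
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)  # outer signatureAlgorithm
    oid_tag, o_start, o_end = read_tlv(der, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    oid = decode_oid(der[o_start:o_end])
    return SIG_OIDS.get(oid, (oid, None))

def sample_cert(oid_hex):
    """CONSTRUCTED skeleton: placeholder tbsCertificate/signature, real outer layout."""
    tbs = "308180" + "047e" + "00" * 126  # long-form length, as real certificates use
    return bytes.fromhex("308196" + tbs + "300d0609" + oid_hex + "0500" + "03020000")

MD5_RSA, SHA256_RSA = "2a864886f70d010104", "2a864886f70d01010b"  # 9-byte OID bodies
```

Running `check_certificate` on the certificate presented by each listening port shows whether the finding comes from the internal md5rsa-signed certificate described in the reply or from a different one.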