SHA-1 Signature Update
A vulnerability has been detected in our SA deployment - "SHA-1 based Signature in TLS/SSL Server X.509 Certificate". Does anyone have remediation steps for this vulnerability?
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
Could you let me know the CVE number for that, the version of SA and whether you have installed the Quarterly Security updates.
Feel free to forward me the report from your scanner in a private message. (Advanced editor, bottom right of the editor window)
I also, have same question. Our internal Kenna security meter is reporting this as a vulnerability
There is no CVE Addressed. Here is Kenna details
Scanner ID: tls-server-cert-sig-alg-sha1
The SHA-1 hashing algorithm has known weaknesses that expose it to collision attacks, which may allow an attacker to generate additional X.509 digital certificates with the same signature as an original.
Kenna Fix ID: 972030
Last updated: 2017-12-05T17:31:49.000Z
Stop Using SHA-1
Stop using signature algorithms relying on SHA-1, such as "SHA1withRSA", when signing X.509 certificates. Instead, use the SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512).