SSL Weak Cipher and unknown CA

I've run a network vulnerability tool (NESSUS) and it reported SSL vulnerabilities with weak encryption and an unknown CA. I've narrowed it down to Sophos RMS on port 8194, but my question is: how do you update the certification manager, where does the certification manager receive its certificates, and what certificates do they issue?

I am running Sophos Anti-Virus (Version 9.5.4) from Enterprise Console 4.5.1.0

Also, I have my own CA server. If I can use this to generate a PEM, please let me know where I need to place it. I think it is on the enterprise management server, but I'm not sure where.

regards,

Steve Hall


This thread was automatically locked due to age.
  • We are actually experiencing the same issue on 2 of our servers. This is what the NESSUS scan reported concerning that problem.

    This was pulled off ports 1075, 8192, and 8194. I also ran a scan with Nmap and it showed that 1075 and 8194 both supported SSLv2.

    Hope this is helpful.

    SSL Certificate Signed using Weak Hashing Algorithm
    
    Synopsis:
    The SSL certificate has been signed using a weak hash algorithm.
    
    Description:
    The remote service uses an SSL certificate that has been signed using a cryptographically weak hashing algorithm - MD2, MD4, or MD5. These signature algorithms are known to be vulnerable to collision attacks. In theory, a determined attacker may be able to leverage this weakness to generate another certificate with the same digital signature, which could allow him to masquerade as the affected service.
    
    Risk factor:
    Medium
    
    CVSS Base Score:4.0
    CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N
    
    See also:
    http://tools.ietf.org/html/rfc3279
    
    See also:
    http://www.phreedom.org/research/rogue-ca/
    
    See also:
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    
    See also:
    http://www.kb.cert.org/vuls/id/836068
    
    Solution:
    Contact the Certificate Authority to have the certificate reissued.
    
    Plugin output:
    Here is the service's SSL certificate :
    Subject Name:
    Organization Unit: Router$tx-extranet:36073
    Common Name: Agent
    Issuer Name:
    Common Name: EM2_CA
    Serial Number: 00 9C F4
    Version: 3
    Signature Algorithm: MD5 With RSA Encryption
    Not Valid Before: Jan 03 20:10:30 2011 GMT
    Not Valid After: Dec 30 20:10:30 2030 GMT
    Public Key Info:
    Algorithm: RSA Encryption
    Exponent: 01 00 01
    
    Plugin ID:
    35291
    
    CVE:
    CVE-2004-2761
    
    BID:
    11849, 33065
    
    Other references:
    OSVDB:45106, OSVDB:45108, OSVDB:45127, CWE:310
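
The check behind the finding quoted in the post above, as an added example that is not part of the original thread and is not Nessus code: it parses a certificate dump in the plugin-output layout and flags MD2/MD4/MD5 signatures, and goes one step further with an RSA key-size check. The sample dumps, the names in them and the 2048-bit floor are constructed assumptions.

```python
import re

# Hashes the quoted Nessus finding names as weak for certificate signatures.
WEAK_HASHES = ("MD2", "MD4", "MD5")
MIN_RSA_BITS = 2048  # assumption: local policy floor, not stated in the thread

# Field labels as they appear in the plugin's certificate dump.
LABELS = ["Subject Name", "Issuer Name", "Serial Number", "Version",
          "Signature Algorithm", "Not Valid Before", "Not Valid After",
          "Public Key Info", "Public Key", "Exponent", "Signature"]
_SPLIT = re.compile(r"(%s)\s*:\s*" % "|".join(
    re.escape(l) for l in sorted(LABELS, key=len, reverse=True)))

def parse_dump(text):
    """Split a flattened 'Label: value Label: value ...' dump into a dict."""
    parts = _SPLIT.split(text)  # [preamble, label, value, label, value, ...]
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}

def audit(text):
    """Return a list of findings for one certificate dump."""
    cert = parse_dump(text)
    findings = []
    sig_alg = cert.get("Signature Algorithm", "").upper()
    for h in WEAK_HASHES:
        if h in sig_alg:
            findings.append("weak signature hash: " + h)
    key_hex = cert.get("Public Key", "")
    if "RSA" in cert.get("Public Key Info", "") and key_hex:
        # The hex bytes are treated as the RSA modulus (leading 00 is padding).
        bits = int.from_bytes(bytes.fromhex(key_hex), "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append("RSA modulus %d bits < %d" % (bits, MIN_RSA_BITS))
    return findings

# Constructed sample dumps (not real certificates; all key bytes are made up).
SAMPLE_WEAK = (
    "Here is the service's SSL certificate : Subject Name: Common Name: agent.example "
    "Issuer Name: Common Name: EXAMPLE_CA Serial Number: 00 01 Version: 3 "
    "Signature Algorithm: MD5 With RSA Encryption "
    "Not Valid Before: Jan 01 00:00:00 2011 GMT Not Valid After: Dec 31 00:00:00 2030 GMT "
    "Public Key Info: Algorithm: RSA Encryption Public Key: 00 B3 51 0A 27 C9 44 7D 91 "
    "Exponent: 01 00 01 Signature: 00 A1 B2 C3")
SAMPLE_OK = SAMPLE_WEAK.replace("MD5", "SHA-256").replace(
    "00 B3 51 0A 27 C9 44 7D 91", "00 " + " ".join(["C3"] * 256))

if __name__ == "__main__":
    for name, dump in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit(dump) or "no findings")
```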