Summary #

Invicti detected that a certificate is signed using a weak signature algorithm.

The weak signature algorithm is known to be cryptographically weak and vulnerable to collision attacks.

Impact #
Attackers can observe the encrypted traffic between your website and its visitors by leveraging the use of this vulnerability.
Remediation #
You'll need to generate a new certificate request, and get your CA to issue you a new certificate using SHA-2.
Classifications #
PCI v3.2-6.5.4; CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo