Detail

Revoked SSL Certificate

Severity: Medium

Summary #

Invicti detected a revoked SSL certificate. Certificate revocation is a process of invalidating an issued SSL certificate. Sometimes a Certificate Authority may revoke an SSL certificate if, for example, a domain is suspected of phishing/malware/etc, if the certificate owner has violated the terms and conditions, or if a certificate was wrongfully issued.

Impact #

It can impact both website and the users:

  • Warning error messages displayed by browsers when visiting the site
  • Personal information at risk from man-in-the-middle attacks
  • Reduction in trust as the site becomes insecure
  • Ability for an attacker to create identical phishing website
Remediation #

The process of reissuing revoked SSL certificates varies depending on the host or the certificate authority used. Please refer to the corresponding documentation.

Classifications #
CWE-295; OWASP 2017-A3
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Invicti Security Corp
220 Industrial Blvd Ste 102
Austin, TX 78745

© Invicti 2022

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Invicti 2022

SSA Privacy Policy California Privacy Rights Terms of Use Accessibility Sitemap