Certificate signed using SHA-1
Medium
Vulnerability Details
Hello,
I detected a certificate signed using SHA-1. SHA-1 is a hash algorithm used in digital signatures. It is currently considered deprecated due to the increasing feasibility in breaking it.
Impact:
Certificates can be forged by capable adversaries.
Forged certificates can be used in MITM attacks against connecting clients.
Solution:
Renew certificates with SHA-256 signatures.
This should be done before 2016.
Actions
View on HackerOneReport Stats
- Report ID: 190015
- State: Closed
- Substate: duplicate
- Upvotes: 3