NetWitness Community

RSAAdmin · ‎2014-10-20

Hi,

A vulnerability has been detected in our SA deployment - "SHA-1 based Signature in TLS/SSL Server X.509 Certificate". Does anyone have remediation steps for this vulnerability?

RSAAdmin · ‎2014-10-21

Hi,

Could you let me know the CVE number for that, the version of SA and whether you have installed the Quarterly Security updates.

Feel free to forward me the report from your scanner in a private message. (Advanced editor, bottom right of the editor window)

thanks

Marinos

JaiPagare · ‎2018-06-01

I also, have same question. Our internal Kenna security meter is reporting this as a vulnerability

There is no CVE Addressed. Here is Kenna details

Scanner ID: tls-server-cert-sig-alg-sha1

Diagnosis:

The SHA-1 hashing algorithm has known weaknesses that expose it to collision attacks, which may allow an attacker to generate additional X.509 digital certificates with the same signature as an original.

Kenna Fix ID: 972030

Solution:

Published: 2005-02-13T00:00:00Z

Last updated: 2017-12-05T17:31:49.000Z

Stop Using SHA-1

Stop using signature algorithms relying on SHA-1, such as "SHA1withRSA", when signing X.509 certificates. Instead, use the SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512).

JaiPagare · ‎2018-06-08

Hello

Marinos. RSA admin any update on this please.#mario_santana‌

someone · ‎2018-06-11

Hi Jai

I am not with the company anymore. I would suggest that you open a Support case so that this can be investigated properly.

NetWitness Community

SHA-1 Signature Update