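The vulnerability finding, once translated, reads as follows:
Host Information
IP:
127.0.0.1
OS:
Microsoft Windows
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be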
- First, the top of the certificate chain sent by the server might not be descended frc
the chain is an unrecognized, self-signed certificate, or when intermediate certificat
public certificate authority.
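- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur when the scan takes place before the certificate's "notBefore" date,
- Third, the certificate chain may contain a signature that does not match the certificate's information or cannot be verified. Bad signatures can be fixed by having the issuing
the result of a signing algorithm that is not supported or not recognized.
If the remote host is a public host in production, any break in the chain makes it harder for users to verify the web server's authenticity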
Original text of the finding:
Vulnerabilities
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Note: this vulnerability needs to be fixed.
After rescanning, no vulnerability is reported!