Certificate signed using SHA-1
Medium
Gratipay
Submitted None
Reported by
lulliii
Vulnerability Details
Technical details and impact analysis
Hello,
I detected a certificate signed using SHA-1. SHA-1 is a hash algorithm used in digital signatures. It is currently considered deprecated due to the increasing feasibility of breaking it.
Impact:
Certificates can be forged by capable adversaries.
Forged certificates can be used in MITM attacks against connecting clients.
Solution:
Renew certificates with SHA-256 signatures.
This should be done before 2016.
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate