2022-05-20 10:48:49 +00:00
|
|
|
id: self-signed-ssl
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Self Signed SSL Certificate
|
|
|
|
author: righettod,pdteam
|
|
|
|
severity: low
|
2022-12-09 06:48:20 +00:00
|
|
|
reference:
|
|
|
|
- https://www.rapid7.com/db/vulnerabilities/ssl-self-signed-certificate/
|
|
|
|
description: |
|
2022-12-09 06:54:23 +00:00
|
|
|
self-signed certificates are public key certificates that are not issued by a certificate authority. These self-signed
|
2022-12-09 06:48:20 +00:00
|
|
|
certificates are easy to make and do not cost money. However, they do not provide any trust value.
|
|
|
|
remediation: |
|
2022-12-09 06:54:23 +00:00
|
|
|
Purchase or generate a proper SSL certificate for this service.
|
2022-05-20 10:48:49 +00:00
|
|
|
tags: ssl
|
|
|
|
|
|
|
|
ssl:
|
|
|
|
- address: "{{Host}}:{{Port}}"
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
2022-12-09 06:48:20 +00:00
|
|
|
- "self_signed == true"
|