漏洞描述
self-signed certificates are public key certificates that are not issued by a certificate authority. These self-signed
certificates are easy to make and do not cost money. However, they do not provide any trust value.
self-signed-ssl: Self Signed SSL Certificate
PoC代码[已公开]
id: self-signed-ssl
info:
name: Self Signed SSL Certificate
author: righettod,pdteam
severity: low
description: |
self-signed certificates are public key certificates that are not issued by a certificate authority. These self-signed
certificates are easy to make and do not cost money. However, they do not provide any trust value.
remediation: |
Purchase or generate a proper SSL certificate for this service.
reference:
- https://www.rapid7.com/db/vulnerabilities/ssl-self-signed-certificate/
metadata:
max-request: 1
tags: ssl,tls,self-signed,vuln
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: dsl
dsl:
- "self_signed == true"
# digest: 490a0046304402204c2bfe6d8831e27c0060fedb268973c76322562f690a64cc99a6fc27ec08db0c022079014f5cc22bfaed7b345b5581959b1f2afc72e3568f0c6480a9952dd9e26557:922c64590222798bb761d5b6d8e72950