IBM Support

SSL Certificate Signed using Weak Hashing Algorithm

Troubleshooting


Problem

Nessus scanner reports an issue:   The SSL certificate has been signed using  a weak hash algorithm.

Symptom

Issue:
SSL Certificate Signed using Weak Hashing  Algorithm
 
Synopsis :
 
The SSL certificate has been signed using  a weak hash algorithm.
 
Description :
 
The remote service uses an  SSL certificate that has been signed using a cryptographically weak hashing  algorithm - MD2, MD4, or MD5. These signature algorithms are known to be  vulnerable to collision attacks.
In theory, a determined attacker may be  able to leverage this weakness to generate another certificate with the same  digital signature, which could allow him to masquerade as the affected  service.

[{"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"WebSphere Application Server","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.3;8.4;8.5;8.5.1;8.6","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

To view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use the link to actual document below to access the full document. You will be asked to log on if you are not already logged in. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

link to actual document

Document Information

More support for:
IBM Workload Scheduler

Software version:
8.3, 8.4, 8.5, 8.5.1, 8.6

Document number:
494661

Modified date:
17 June 2018

UID

swg21639052

Manage My Notification Subscriptions

Page Feedback