Synopsis
SSL/TLS Certificate RSA Keys Less Than 2048 bits
Description
The remote server certificate has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Solution
Replace the certificate whose RSA key is shorter than 2048 bits with one that uses a longer key, and reissue any certificates signed by the old certificate.
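As an added example (not Tenable's plugin code), the following Python reads the modulus length out of a DER-encoded RSA public key, either a PKCS#1 RSAPublicKey or the SubjectPublicKeyInfo carried in an X.509 certificate, and flags anything under the 2048-bit minimum this check enforces; the sample keys it builds are constructed placeholders, not real RSA keys.

```python
# Added example, not Tenable's plugin code: flag RSA keys shorter than 2048 bits.
MIN_RSA_BITS = 2048  # CA/B Forum minimum for certificates issued after 2014-01-01


def _read_tlv(buf, pos):
    """Read one DER tag/length/value; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_key_bits(der):
    """Modulus bit length of a PKCS#1 RSAPublicKey or an X.509 SubjectPublicKeyInfo."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    first_tag, first, after = _read_tlv(body, 0)
    if first_tag == 0x30:  # SPKI: AlgorithmIdentifier, then BIT STRING holding the key
        bs_tag, bitstr, _ = _read_tlv(body, after)
        if bs_tag != 0x03:
            raise ValueError("expected BIT STRING")
        return rsa_key_bits(bitstr[1:])  # first octet is the unused-bits count
    if first_tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(first, "big").bit_length()


def key_is_too_short(der, minimum=MIN_RSA_BITS):
    """True when the key would trip this check (modulus shorter than `minimum` bits)."""
    return rsa_key_bits(der) < minimum


# --- DER encoding helpers used only to build constructed sample keys --------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_int(v):
    raw = v.to_bytes((v.bit_length() + 8) // 8, "big")  # keeps the 0x00 pad when top bit is set
    return b"\x02" + _der_len(len(raw)) + raw


def make_rsa_public_key(bits):
    """PKCS#1 RSAPublicKey around a placeholder odd modulus with its top bit set (not a real key)."""
    body = _der_int((1 << (bits - 1)) | 1) + _der_int(65537)
    return b"\x30" + _der_len(len(body)) + body


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, "too short" if key_is_too_short(make_rsa_public_key(bits)) else "ok")
```

For a real certificate, feed in the DER bytes of its public key (for example the output of `openssl x509 -pubkey -noout` after base64-decoding the PEM body) instead of the constructed keys.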
Plugin Details
Severity: Medium
ID: 112540
Type: remote
Family: SSL/TLS
Published: 2/1/2019
Updated: 7/13/2023
Scan Template: api, basic, config_audit, full, pci, quick, scan, ssl_tls
Risk Information
VPR
Risk Factor: Low
Score: 3.3
CVSS v2
Risk Factor: Low
Base Score: 3.2
Vector: CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Medium
Base Score: 4.2
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS Score Source: Tenable
Reference Information
CWE: 326
OWASP: 2010-A7, 2013-A6, 2017-A3, 2021-A2
WASC: Application Misconfiguration
DISA STIG: APSC-DV-002440
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.10.1.2
NIST: sp800_53-SC-12
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-9.1.2