SSL Certificate Signed Using Weak Hashing Algorithm (CVE-2004-2761) - CSDN Blog

Published: 2024-08-27 09:01    Views: 151

SSL Certificate Signed Using Weak Hashing Algorithm

Operating system version: Windows Server 2012 R2

Conclusion: the certificate generated while fixing SSL Certificate Signed Using Weak Hashing Algorithm is self-signed, so the SSL Certificate Cannot Be Trusted and SSL Self-Signed Certificate findings remain. To resolve those two findings, request a certificate issued by an official certificate authority.

SSL Certificate Signed Using Weak Hashing Algorithm

Description

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google’s gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.

Solution

Contact the Certificate Authority to have the SSL certificate reissued.

See Also

https://tools.ietf.org/html/rfc3279

http://www.nessus.org/u?9bb87bf2

http://www.nessus.org/u?e120eea1

http://www.nessus.org/u?5d894816

http://www.nessus.org/u?51db68aa

http://www.nessus.org/u?9dc7bfba

Output

The following certificates were part of the certificate chain sent by the remote host, but contain hashes that are considered to be weak.

Subject             : CN=SSL_Self_Signed_Fallback
Signature Algorithm : SHA-1 With RSA Encryption
Valid From          : Dec 17 19:04:21 2020 GMT
Valid To            : Dec 17 19:04:21 2050 GMT

Risk Information

Risk Factor: Medium

CVSS v3.0 Base Score: 7.5

CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v3.0 Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v3.0 Temporal Score: 6.7

CVSS v2.0 Base Score: 5.0

CVSS v2.0 Temporal Score: 3.9

CVSS v2.0 Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v2.0 Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ietf:md5 cpe:/a:ietf:x.509_certificate

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Pub Date: August 18, 2004

Reference Information

CWE: 310

CERT: 836068

BID: 11849, 33065

CVE: CVE-2004-2761

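Explanation

SSL Certificate Signed Using Weak Hashing Algorithm is reported because the signature algorithm used in the SSL certificate does not meet IETF requirements. The SSL certificate has to be regenerated, taking care that both its signature algorithm and its key length meet current IETF requirements, and the certificate then has to be replaced in each affected piece of software.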

SSL Certificate Signed Using Weak Hashing Algorithm in RDP

Software

RDP

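Procedure

Verify that SSL Certificate Signed Using Weak Hashing Algorithm is present

Open Remote Desktop and view the Remote Desktop certificate: its signature algorithm is SHA1RSA and its public key length is RSA (2048 Bits).

Testing an RDP connection confirms that the signature algorithm of the RDP SSL certificate is SHA1RSA and that its signature hash algorithm is SHA1.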
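An added example, not from the original article: the same check done from Windows PowerShell instead of the certificate dialog. It reports the signature algorithm of every certificate in the LocalMachine My and Remote Desktop stores and marks the one RDP-Tcp is pinned to; the store list and the OID table are supplied here as assumptions, not taken from the article.

```powershell
# Added example: audit certificate signature algorithms and the RDP-Tcp binding.
# Run in an elevated Windows PowerShell session (3.0 or later).

# Signature-algorithm OIDs that are built on MD2, MD4, MD5 or SHA-1.
$WeakSignatureOids = @{
    '1.2.840.113549.1.1.2' = 'md2RSA'
    '1.2.840.113549.1.1.3' = 'md4RSA'
    '1.2.840.113549.1.1.4' = 'md5RSA'
    '1.2.840.113549.1.1.5' = 'sha1RSA'
    '1.3.14.3.2.29'        = 'sha1RSA (OIW)'
    '1.2.840.10040.4.3'    = 'sha1DSA'
    '1.2.840.10045.4.1'    = 'sha1ECDSA'
}

function Get-RdpBoundThumbprint {
    # SSLCertificateSHA1Hash holds the certificate's SHA-1 thumbprint (an identifier
    # for the certificate), not the hash used in its signature. Returns hex text or $null.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $prop = Get-ItemProperty -Path $key -Name SSLCertificateSHA1Hash -ErrorAction SilentlyContinue
    if ($prop) { return ([BitConverter]::ToString($prop.SSLCertificateSHA1Hash) -replace '-', '') }
    return $null
}

function Get-CertificateSignatureReport {
    param([string[]]$Store = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'))
    $bound = Get-RdpBoundThumbprint
    foreach ($path in $Store) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # store may not exist
        foreach ($cert in Get-ChildItem -LiteralPath $path) {
            [pscustomobject]@{
                Store      = $path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                SignedWith = $cert.SignatureAlgorithm.FriendlyName
                WeakHash   = $WeakSignatureOids.ContainsKey($cert.SignatureAlgorithm.Value)
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                NotAfter   = $cert.NotAfter
                BoundToRdp = [bool]($bound -and $cert.Thumbprint -eq $bound)
            }
        }
    }
}

Get-CertificateSignatureReport | Sort-Object WeakHash -Descending | Format-Table -AutoSize
```

A row with WeakHash set to True corresponds to the scanner finding; SelfSigned set to True corresponds to the two trust findings that remain after this procedure.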

Find or download the certificate tools

Locate your own copies of makecert.exe and pvk2pfx.exe, or download my shared resource.

Generate the certificate

Copy makecert.exe and pvk2pfx.exe to the C:/Windows/System32 directory and start Windows PowerShell in that directory:

cd C:\Windows\System32

Run makecert to generate the certificate, specifying SHA256RSA as the signature algorithm and RSA (2048 Bits) as the public key length:

makecert -r -pe -n "CN=Server" -b 01/01/2015 -e 01/01/2055 -sky exchange -sv ServerPublicKey.pvk ServerPublicKey.cer -a sha256 -len 2048

Enter the Private Key Password. To satisfy complexity requirements, set it to a combination of digits, letters and special characters that is at least 8 characters long.

Console message: on success, Succeeded is printed.

PS C:\Windows\System32> makecert -r -pe -n "CN=Server" -b 01/01/2015 -e 01/01/2055 -sky exchange -sv ServerPublicKey.pvk ServerPublicKey.cer -a sha256 -len 2048
Succeeded

Run pvk2pfx to export a certificate in pfx format from the pvk certificate. The -pi parameter is followed by the Private Key Password that was set:

pvk2pfx -pvk ServerPublicKey.pvk -spc ServerPublicKey.cer -pfx ServerPrivateKey.pfx -pi password

Console message: on success, nothing is printed.

PS C:\Windows\System32> pvk2pfx -pvk ServerPublicKey.pvk -spc ServerPublicKey.cer -pfx ServerPrivateKey.pfx -pi password

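Import the certificate

Open the management console (mmc).

File –> Add/Remove Snap-in –> Available snap-ins –> Certificates –> Add –> Computer account –> Next –> Local computer –> Finish –> OK

Certificates (Local Computer) (double-click in the middle pane) –> Personal (right-click) –> All Tasks –> Import –> Local Machine –> Next –> Browse –> select C:\Windows\SysWOW64\ServerPrivateKey.pfx –> Next –> enter the Private Key Password –> OK –> Next –> Finish –> import successful –> Certificates (double-click) –> the Server certificate with a private key appears

View the certificate and record its thumbprint.

Grant access to the certificate

Server certificate (right-click) –> All Tasks –> Manage Private Keys –> Add –> Enter the object names to select –> NETWORK SERVICE –> Check Names –> OK –> grant NETWORK SERVICE Read permission –> OK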

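Load the certificate in RDP-Tcp

Open the Registry Editor (regedit) from the Run dialog (Windows+R), or from Windows Terminal or Windows PowerShell.

Add the registry entry:

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Name: SSLCertificateSHA1Hash
Type: REG_BINARY
Value: the certificate thumbprint

Set the value to the certificate thumbprint.

Verify that the certificate has taken effect

Open Remote Desktop and reconnect; the certificate has been set successfully.

Configuration successful.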

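Remaining issues

Because the generated certificate is self-signed, the SSL Certificate Cannot Be Trusted and SSL Self-Signed Certificate findings remain. To resolve them, request a certificate from the official certificate site of a CA (free certificate issuers can also be found by searching), or have the organization build its own unified internal CA that issues the certificates and import its root certificate on all devices. Chinese national cryptographic (SM) algorithms are currently being promoted; if you build a unified internal CA, adopting the national cryptography system is recommended.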

SSL Certificate Signed Using Weak Hashing Algorithm in RDP

Software

SQL Server

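Procedure

Find or download the certificate tools

Locate your own copies of makecert.exe and pvk2pfx.exe, or download my shared resource.

Generate the certificate

Copy makecert.exe and pvk2pfx.exe to the C:/Windows/System32 directory and start Windows PowerShell in that directory:

cd C:\Windows\System32

Run makecert to generate the certificate, specifying SHA256RSA as the signature algorithm and RSA (2048 Bits) as the public key length:

makecert -r -pe -n "CN=Server" -b 01/01/2015 -e 01/01/2055 -sky exchange -sv ServerPublicKey.pvk ServerPublicKey.cer -a sha256 -len 2048

Enter the Private Key Password. To satisfy complexity requirements, set it to a combination of digits, letters and special characters that is at least 8 characters long.

Console message: on success, Succeeded is printed.

PS C:\Windows\System32> makecert -r -pe -n "CN=Server" -b 01/01/2015 -e 01/01/2055 -sky exchange -sv ServerPublicKey.pvk ServerPublicKey.cer -a sha256 -len 2048
Succeeded

Run pvk2pfx to export a certificate in pfx format from the pvk certificate. The -pi parameter is followed by the Private Key Password that was set:

pvk2pfx -pvk ServerPublicKey.pvk -spc ServerPublicKey.cer -pfx ServerPrivateKey.pfx -pi password

Console message: on success, nothing is printed.

PS C:\Windows\System32> pvk2pfx -pvk ServerPublicKey.pvk -spc ServerPublicKey.cer -pfx ServerPrivateKey.pfx -pi password

Import the certificate

Open the management console (mmc).

File –> Add/Remove Snap-in –> Available snap-ins –> Certificates –> Add –> Computer account –> Next –> Local computer –> Finish –> OK

Certificates (Local Computer) (double-click in the middle pane) –> Personal (right-click) –> All Tasks –> Import –> Local Machine –> Next –> Browse –> select C:\Windows\SysWOW64\ServerPrivateKey.pfx –> Next –> enter the Private Key Password –> OK –> Next –> Finish –> import successful –> Certificates (double-click) –> the Server certificate with a private key appears

View the certificate and record its thumbprint.

Grant access to the certificate

Server certificate (right-click) –> All Tasks –> Manage Private Keys –> Add –> Enter the object names to select –> NETWORK SERVICE –> Check Names –> OK –> grant the database user Read permission –> OK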

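Load the certificate in MSSQLServer

Open the Registry Editor (regedit) from the Run dialog (Windows+R), or from Windows Terminal or Windows PowerShell.

Add the registry entry:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQLServer\SuperSocketNetLib
Name: Certificate
Type: REG_SZ
Value: the certificate thumbprint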
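An added example, not from the original article, covering both registry steps (RDP-Tcp above and SQL Server here): the same thumbprint is stored as 20 raw bytes for RDP-Tcp (REG_BINARY) but as hex text for SQL Server (REG_SZ). The function names are hypothetical, the lower-case form for SQL Server is an assumption, and the registry paths and value names are the ones the article gives.

```powershell
# Added example: bind a recorded thumbprint for RDP-Tcp and for SQL Server.
# Run in an elevated Windows PowerShell session (3.0 or later).

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Text copied from the certificate dialog contains spaces and can contain an
    # invisible leading Unicode mark, so keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { throw "Expected 40 hex digits, got $($clean.Length)." }
    # Refuse to bind a certificate that is missing, lacks its key, or is still weakly signed.
    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key in LocalMachine\My.' }
    $alg = $cert.SignatureAlgorithm.FriendlyName
    if ($alg -match '^(md2|md4|md5|sha1)') { throw "Certificate is signed with $alg; reissue it first." }
    return $clean
}

function Set-RdpCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $clean = ConvertTo-CleanThumbprint -Thumbprint $Thumbprint
    # REG_BINARY: the 20 thumbprint bytes, not the hex text.
    $bytes = [byte[]](0..19 | ForEach-Object { [Convert]::ToByte($clean.Substring($_ * 2, 2), 16) })
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    New-ItemProperty -Path $key -Name SSLCertificateSHA1Hash -PropertyType Binary -Value $bytes -Force | Out-Null
}

function Set-SqlServerCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$InstanceId = 'MSSQL12.MSSQLSERVER'   # instance id used in the article
    )
    $clean = ConvertTo-CleanThumbprint -Thumbprint $Thumbprint
    $key = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$InstanceId\MSSQLServer\SuperSocketNetLib"
    # REG_SZ: hex text without spaces (lower case is an assumption made here).
    New-ItemProperty -Path $key -Name Certificate -PropertyType String -Value $clean.ToLower() -Force | Out-Null
}

# Usage, with the thumbprint recorded in the "View the certificate" step:
# Set-RdpCertificate       -Thumbprint '<recorded thumbprint>'
# Set-SqlServerCertificate -Thumbprint '<recorded thumbprint>'
```

SQL Server loads its certificate when the service starts, so the new value takes effect after the SQL Server service is restarted.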
