Description

One of the TLS/SSL certificates used by your server uses a key that is considered weak due to its small key size. The recommended minimum sizes for RSA and ECDSA keys are 2,048 bit and 256 bit, respectively.

This alert is not necessarily caused by the server (leaf) certificate, but may have been triggered by an intermediate certificate. Please refer to the certificate serial number in the alert details to identify the affected certificate.

Remediation

If you are using certificates with weak keys, you will need to migrate to either larger keys, more efficient algorithms, or both.

References

Moving to a 2048-bit certificate

Compare Key Lengths

Comparing ECDSA vs RSA

ECDSA: The digital signature algorithm of a better internet

Related Vulnerabilities

Same site scripting

Apache Tapestry weak secret key

Jenkins weak password

Pentaho API Auth bypass (CVE-2021-31602)

Case-Insensitive Routing Bypass in Express.js Application

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto