SSL Certificate – Server Public Key Too Small

Snippet of the vulnerability from the Qualys report.

Vulnerability: SSL Certificate – Server Public Key Too Small
Reported: On Port 443/tcp over SSL
QID: 38171
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server’s Certificate and extracts the Public Key in the Certificate to establish the secure connection.
Best practices require that digital signatures be 2048 or more bits long to provide adequate security. Key lengths of 1024 are acceptable through 2013, but since 2011 they are considered deprecated.

As of March 2014, the PCI council is looking at what impact a minimum-2048-bit (or equivalent) public key requirement will have on future Standard/Program updates. Although this will not currently cause a failure for PCI compliance, customers with PCI compliance needs should address this issue as soon as feasible in order to avoid failures when PCI requirements change.

IMPACT:
A man-in-the-middle attacker can exploit this vulnerability to record the SSL communication to decrypt the session key and even the messages.

SOLUTION:
It is recommended to install a server certificate signed with a public key length of at least 2048 bits or greater.

RESULTS:

Certificate #0
 RSA Public Key (512 bit)
 RSA Public-Key: (512 bit)
 Modulus:
         00:ba:18:77:5f:63:dd:f0:51:d1:bd:12:22:56:5f:
         5b:4e:f3:07:88:a9:be:00:23:5b:f9:bd:e3:c3:7c:
         bb:c7:2a:93:4e:37:26:2e:3e:e6:71:0c:40:3f:db:
         ca:7a:13:fd:83:c9:e2:9b:6c:bf:ea:15:79:99:cd:
         96:6a:7c:85:bb
 Exponent: 65537 (0x10001)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

As per scanner, it is complaining us that there is a ssl certificate that is signed with a public key length of 512 bits. We will look at that SSL certificate, public key and its bits on our server in a while from now.

Before that , Since we are dealing with SSL stuff, Let’s have a basic understanding about SSL and its relevant terms as below.

  • When a browser attempts to access a website that is secured by SSL, the browser and the web server establish a Secure SSL connection using a process called an “SSL Handshake”.
  • To create this secure connection, an SSL certificate (also known as “digital certificate”) is installed on a web server and its primary functions are authenticating the identity of the website and encrypting the data that is being transmitted.
  • Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key and vice versa.
  • The public/private key size is determined when the CSR (Certificate Signing Request) and private key are created.
  • The keysize (bit-length) of a public and private key pair determine how easily the key can be cracked with a brute force attack. If a private key is broken, all the connections initiated with it would be exposed to whomever had the key. A key size of 512 bits is easy to break and a key size of 1024 can be broken with enough computing power. Most providers require that you generate 2048-bit keys.
  • Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

Now we know the importance of this public key in certificate. Lets gets started working on this Vulnerability.

Going through the Results section of the scan report, we have certificate#0 is vulnerable and shows its corresponding RSA public key of 512 bit length. It shows Modulus and Exponent component of the pub key.

How to identify this certificate on our server and its pubkey and cross verify with the details presented in scanner results.

NOTE: We are using Apache/2.4.6 webserver and self-signed certificate

Identify the Certificate on the Server along with its Public Key and length

Since the scanner has reported on web service port 443. Run the below Openssl command against the Webserver. The output provides us with the ssl certificate and RSA pubkey size of 512 bits.

[root@linuxminion]# echo | openssl s_client -connect ec2-13-211-152-150.ap-southeast-2.compute.amazonaws.com:443

 CONNECTED(00000003)
 depth=0 C = AU, ST = NSW, L = SYDNEY, O = ABC, OU = TEST, CN = linuxminion
 verify error:num=18:self signed certificate
 verify return:1
 depth=0 C = AU, ST = NSW, L = SYDNEY, O = ABC, OU = TEST, CN = linuxminion
 verify return:1
 Certificate chain
  0 s:/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
    i:/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIICBzCCAbGgAwIBAgIJAPaiFpQbYVI6MA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
 BAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlNZRE5FWTEMMAoGA1UECgwD
 QUJDMQ0wCwYDVQQLDARURVNUMRQwEgYDVQQDDAtsaW51eG1pbmlvbjAeFw0xOTA4
 MDkwMzQzMTJaFw0yMDA4MDgwMzQzMTJaMF8xCzAJBgNVBAYTAkFVMQwwCgYDVQQI
 DANOU1cxDzANBgNVBAcMBlNZRE5FWTEMMAoGA1UECgwDQUJDMQ0wCwYDVQQLDARU
 RVNUMRQwEgYDVQQDDAtsaW51eG1pbmlvbjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
 QQC6GHdfY93wUdG9EiJWX1tO8weIqb4AI1v5vePDfLvHKpNONyYuPuZxDEA/28p6
 E/2DyeKbbL/qFXmZzZZqfIW7AgMBAAGjUDBOMB0GA1UdDgQWBBSAmyU5AhjwAPLQ
 L8fiOOE+/10h1DAfBgNVHSMEGDAWgBSAmyU5AhjwAPLQL8fiOOE+/10h1DAMBgNV
 HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAS4gnZHzZTdSfLpffiNfh0FGgVIXR
 TGhYuU5iGDhK0xuZ4E9g3epmbaDlBpV5zVnIGIlOPVZav4CyXzPbzjPIrA==
 -----END CERTIFICATE-----
 subject=/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 issuer=/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 No client certificate CA names sent
 Server Temp Key: ECDH, P-256, 256 bits
 SSL handshake has read 1028 bytes and written 315 bytes
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
 Server public key is 512 bit     <------------------- LOOK AT THIS
 Secure Renegotiation IS supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 SSL-Session:
     Protocol  : TLSv1
     Cipher    : ECDHE-RSA-AES256-SHA
     Session-ID: 60EFAA782CF54899A15C846B18D72D74DACDD1325377E6AA60B11E64C5FFD06E
     Session-ID-ctx:
     Master-Key: FBEF880817CAFD780AA8EC8D4FAED2D921C67ECE2F16F36C7B8AC1281BCD93E1C9B4416425C2FCCB28E36598089DA6A5
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:
     0000 - e0 80 1f 9e 42 a5 a4 1f-27 69 99 43 3b 36 e5 2c   ….B…'i.C;6.,
     0010 - 1d 50 73 82 fa a6 e9 47-0d 4c df 55 3b ed ba 6a   .Ps….G.L.U;..j
     0020 - 4c 61 7d 65 25 af ae c5-44 32 c2 1b ff 75 b6 3f   La}e%…D2…u.?
     0030 - 4a 30 7e ec e3 f1 6a 0d-a2 1c e1 2b 6a 7c 43 53   J0~…j….+j|CS
     0040 - a3 3a 83 d0 be 19 24 97-22 7d 1b 0a d7 0e e7 af   .:….$."}……
     0050 - 01 d8 66 f7 7d 79 4a 46-66 ae 2f 9d c9 bf 61 24   ..f.}yJFf./…a$
     0060 - 99 23 d6 f9 7b e2 3c ad-e7 77 65 b7 32 ef f2 ee   .#..{.<..we.2…
     0070 - 07 b6 98 94 be 16 86 7e-36 a2 c4 4f e7 46 a8 6c   …….~6..O.F.l
     0080 - 94 b1 34 8e 6e ac d0 10-90 24 4b 41 3b 95 2c 29   ..4.n….$KA;.,)
     0090 - 37 a5 7b 10 3d 5d 6b 32-ad 44 37 da be 71 b9 f5   7.{.=]k2.D7..q..
     00a0 - d6 da e1 e5 67 e6 6b f9-96 01 a6 bf 2a ce 23 30   ….g.k…..*.#0
     00b0 - 84 02 ee 7f 3c 1f b9 51-ad 92 56 2b d4 ee 3f 34   ….<..Q..V+..?4
 Start Time: 1565322347 Timeout   : 7200 (sec)
     Verify return code: 18 (self signed certificate)
 DONE

Now, let us check the Modulus and Exponent of this certificate public key.

In Apache, look for SSLCertificateFile directive in /etc/httpd/conf.d/ssl.conf as follows:
[root@linuxminion]# cat /etc/httpd/conf.d/ssl.conf | grep -v ^# | grep -i sslcert
 SSLCertificateFile /etc/pki/tls/certs/linuxminion.crt
 SSLCertificateKeyFile /etc/pki/tls/private/linuxminion.key

Next, run the command to view the Modulus and Exponent of this Certificate as below.

[root@linuxminion]#openssl x509 -pubkey -noout -in /etc/pki/tls/certs/linuxminion.crt -text
 -----BEGIN PUBLIC KEY-----
 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALoYd19j3fBR0b0SIlZfW07zB4ipvgAj
 W/m948N8u8cqk043Ji4+5nEMQD/bynoT/YPJ4ptsv+oVeZnNlmp8hbsCAwEAAQ==
 -----END PUBLIC KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             f6:a2:16:94:1b:61:52:3a
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=AU, ST=NSW, L=SYDNEY, O=ABC, OU=TEST, CN=linuxminion
         Validity
             Not Before: Aug  9 03:43:12 2019 GMT
             Not After : Aug  8 03:43:12 2020 GMT
         Subject: C=AU, ST=NSW, L=SYDNEY, O=ABC, OU=TEST, CN=linuxminion
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (512 bit)
                 Modulus:
                     00:ba:18:77:5f:63:dd:f0:51:d1:bd:12:22:56:5f:
                     5b:4e:f3:07:88:a9:be:00:23:5b:f9:bd:e3:c3:7c:
                     bb:c7:2a:93:4e:37:26:2e:3e:e6:71:0c:40:3f:db:
                     ca:7a:13:fd:83:c9:e2:9b:6c:bf:ea:15:79:99:cd:
                     96:6a:7c:85:bb
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier:
                 80:9B:25:39:02:18:F0:00:F2:D0:2F:C7:E2:38:E1:3E:FF:5D:21:D4
             X509v3 Authority Key Identifier:
   keyid:80:9B:25:39:02:18:F0:00:F2:D0:2F:C7:E2:38:E1:3E:FF:5D:21:D4

X509v3 Basic Constraints:
CA:TRUE 
Signature Algorithm: sha256WithRSAEncryption

4b:88:27:64:7c:d9:4d:d4:9f:2e:97:df:88:d7:e1:d0:51:a0:54:85:d1:4c:68:58:b9:4e:62:18:38:4a:d3:1b:99:e0:4f:60:dd:ea:66:6d:a0:e5:06:95:79:cd:59:c8:18:89:4e:3d:56:5a:bf:80:b2:5f:33:db:ce:33:c8:ac

Here we go, comparing this results with the scanner presented results do match and thus we now got hold of the vulnerable certificate.

Mitigation Steps – Install server certificate signed with a public key length of 2048 bits

Since it is recommended to install a server certificate signed with a public key length of at least 2048 bits or greater. We will be creating a self-signed certificate with RSA 2048 bits using Openssl as below.

[root@linuxminion]# openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout linuxminion2048.key -days 365 -out linuxminion2048.crt
 Generating a 2048 bit RSA private key
 …………..+++
 ………………………….+++
 writing new private key to 'linuxminion2048.key'
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [XX]:AU
 State or Province Name (full name) []:NSW
 Locality Name (eg, city) [Default City]:SYDNEY
 Organization Name (eg, company) [Default Company Ltd]:ABC
 Organizational Unit Name (eg, section) []:TEST
 Common Name (eg, your name or your server's hostname) []:linuxminion
 Email Address []:
 [root@linuxminion]#

Once done, copy both the certificate and private key to the relevant locations. In this case it is /etc/pki/tls/certs/ & /etc/pki/tls/private path.

[root@linuxminion]# cp -p linuxminion2048.crt /etc/pki/tls/certs/
[root@linuxminion]# cp -p linuxminion2048.key /etc/pki/tls/private/

Modify the directives in ssl config file /etc/httpd/conf.d/ssl.conf with these new certificate & key.

[root@linuxminion]# cat /etc/httpd/conf.d/ssl.conf | grep -v ^# | grep -i sslcert
 SSLCertificateFile /etc/pki/tls/certs/linuxminion2048.crt
 SSLCertificateKeyFile /etc/pki/tls/private/linuxminion2048.key

Next, Restart the httpd service

[root@linuxminion]# systemctl restart httpd.service

Test – Post Remediation

Since we have now installed recommended ssl certificate that is signed with public key lenght of 2048 bits, we are expecting this results to be shown by openssl command.

[root@linuxminion]# echo | openssl s_client -connect ec2-13-211-152-150.ap-southeast-2.compute.amazonaws.com:443
 CONNECTED(00000003)
 depth=0 C = AU, ST = NSW, L = SYDNEY, O = ABC, OU = TEST, CN = "linuxminion"
 verify error:num=18:self signed certificate
 verify return:1
 depth=0 C = AU, ST = NSW, L = SYDNEY, O = ABC, OU = TEST, CN = "linuxminion"
 verify return:1
 Certificate chain
  0 s:/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
    i:/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIIDlTCCAn2gAwIBAgIJAOPszzycDZehMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV
 BAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlNZRE5FWTEMMAoGA1UECgwD
 QUJDMQ0wCwYDVQQLDARURVNUMRYwFAYDVQQDDA1saW51eCwIbWluaW9uMB4XDTE5
 MDgwOTA1MDkzOFoXDTIwMDgwODA1MDkzOFowYTELMAkGA1UEBhMCQVUxDDAKBgNV
 BAgMA05TVzEPMA0GA1UEBwwGU1lETkVZMQwwCgYDVQQKDANBQkMxDTALBgNVBAsM
 BFRFU1QxFjAUBgNVBAMMDWxpbnV4LAhtaW5pb24wggEiMA0GCSqGSIb3DQEBAQUA
 A4IBDwAwggEKAoIBAQC8s/XrDS2lRGdK3n51nJYn1aeMK5EESDvdLPkXvEXXEWYR
 4rnPYJGZ/8tKzwWfKlnaYfyJLrIasndlzrJzFYwl77fBJnmoHpYslEZv7dgpRtjx
 32nQOvv40thsV1Dmo4bhDsjHO15xBx/FxPKtqYmcmmcFTIK+rdwScv5bMmQH+++V
 RyvPPFreahpelbk/RKXkkTXmLL8wyLWN8Ed0CL2ypRShWuKbUeUqEkjm70U7Ellj
 aY68aoWTmdx1ZjVUG8yV1LrL85EiznZhQdK7yUi8a2n+x8NVoc8+l356t1zz4990
 9Z5Qcqyo3xt7+3y7W3ktouw8nO1O6/ia1R4utOmdAgMBAAGjUDBOMB0GA1UdDgQW
 BBRo7GkJKUz0fwYXNdrMxU2p0O1OvzAfBgNVHSMEGDAWgBRo7GkJKUz0fwYXNdrM
 xU2p0O1OvzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB60hfK5hE8
 fx54/je50hWRIm3voXApdmiL5BbTACTiYi9OeZ+/VMiGzAwiaZeWTo04eczVDToA
 vj3AhKcoWT8xu53O8m0t+5KfUY9ZGlnmorWmcmUjX/7WHaIqvL/kUZe+Rd75DmaU
 5u5FLW8OOVHibH0UizQLgvrNC6jQzdotL9ARYj+0myEt/sWM5XuoxugJf0TNGBzr
 Q87sVnQzsLjVSDgjGve61pget0rEWcOM5zS28Yl5c9w+U/LxbVJvcmh4QslF7NJO
 NmWlBVe0KSYJ/BHqQz85p3ejloVB4UVzMScLSWwPl0Z3wy//Cu1rVQTUzjSSNTOp
 eCwATbqmHQR1
 -----END CERTIFICATE-----
 subject=/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 issuer=/C=AU/ST=NSW/L=SYDNEY/O=ABC/OU=TEST/CN=linuxminion
 No client certificate CA names sent
 Peer signing digest: SHA512
 Server Temp Key: ECDH, P-256, 256 bits
 SSL handshake has read 1612 bytes and written 415 bytes
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
 Server public key is 2048 bit               <--------------------------- LOOK AT THIS 
 Secure Renegotiation IS supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
     Session-ID: B1678F82819144670EB3A42B6EB9372BBE6EE357383A934F2639FA827CAD577D
     Session-ID-ctx:
     Master-Key: 1B811FD39F68E2E3ABE6224A953983C4E5138E3F49ED5E55ACFDD364A6DD2405F7D4DD3336863CF9407EFAB0517A2B6A
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:
     0000 - 51 80 db 44 cf 6b 6a 7e-79 66 24 22 5f 64 7f 9f   Q..D.kj~yf$"d..     0010 - 80 80 60 7a f7 33 6f a7-fc 32 ec 02 bf b2 64 4a   ..`z.3o..2….dJ     0020 - 2b c9 3d f5 54 e3 5d 55-ad ea aa 96 26 1d 49 e1   +.=.T.]U….&.I.     0030 - 75 78 0c 07 86 f4 b0 2c-8d 2f 49 94 af 39 17 3d   ux…..,./I..9.=     0040 - 47 4c bf cd f3 31 42 3d-1c 05 5f 90 5e 04 4b 5d   GL…1B=...^.K]
     0050 - 91 3a af 57 4e f3 97 b4-29 4a 05 0d c6 e8 d1 ae   .:.WN…)J……
     0060 - 8d a1 6e b1 da c8 83 82-b2 3b 76 6f 4f 46 f0 f5   ..n……;voOF..
     0070 - 92 0b 14 f9 4e c3 8b 35-c8 4c 04 14 15 7b 20 c4   ….N..5.L…{ .
     0080 - fd 26 12 48 c1 f1 65 f2-40 89 ac d9 90 b8 fb e7   .&.H..e.@…….
     0090 - 42 4e 14 fc 45 3a 58 61-22 2e 2c 47 33 4d b5 6b   BN..E:Xa".,G3M.k
     00a0 - 12 30 15 84 82 55 2c 95-da 55 76 cd e8 5b 7c ca   .0…U,..Uv..[|.
     00b0 - d1 d0 db 40 45 05 42 83-89 4d e7 1a 78 5f bf f2   …@E.B..M..x_..
 Start Time: 1565328565 Timeout   : 300 (sec)
     Verify return code: 18 (self signed certificate)
 DONE

If you want, have a look at the certificate we created.

[root@linuxminion]# openssl x509 -noout -text -in /etc/pki/tls/certs/linuxminion2048.crt
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             e3:ec:cf:3c:9c:0d:97:a1
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=AU, ST=NSW, L=SYDNEY, O=ABC, OU=TEST, CN=linux,\x08minion
         Validity
             Not Before: Aug  9 05:09:38 2019 GMT
             Not After : Aug  8 05:09:38 2020 GMT
         Subject: C=AU, ST=NSW, L=SYDNEY, O=ABC, OU=TEST, CN=linux,\x08minion
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
                     00:bc:b3:f5:eb:0d:2d:a5:44:67:4a:de:7e:75:9c:
                     96:27:d5:a7:8c:2b:91:04:48:3b:dd:2c:f9:17:bc:
                     45:d7:11:66:11:e2:b9:cf:60:91:99:ff:cb:4a:cf:
                     05:9f:2a:59:da:61:fc:89:2e:b2:1a:b2:77:65:ce:
                     b2:73:15:8c:25:ef:b7:c1:26:79:a8:1e:96:2c:94:
                     46:6f:ed:d8:29:46:d8:f1:df:69:d0:3a:fb:f8:d2:
                     d8:6c:57:50:e6:a3:86:e1:0e:c8:c7:3b:5e:71:07:
                     1f:c5:c4:f2:ad:a9:89:9c:9a:67:05:4c:82:be:ad:
                     dc:12:72:fe:5b:32:64:07:fb:ef:95:47:2b:cf:3c:
                     5a:de:6a:1a:5e:95:b9:3f:44:a5:e4:91:35:e6:2c:
                     bf:30:c8:b5:8d:f0:47:74:08:bd:b2:a5:14:a1:5a:
                     e2:9b:51:e5:2a:12:48:e6:ef:45:3b:12:59:63:69:
                     8e:bc:6a:85:93:99:dc:75:66:35:54:1b:cc:95:d4:
                     ba:cb:f3:91:22:ce:76:61:41:d2:bb:c9:48:bc:6b:
                     69:fe:c7:c3:55:a1:cf:3e:97:7e:7a:b7:5c:f3:e3:
                     df:74:f5:9e:50:72:ac:a8:df:1b:7b:fb:7c:bb:5b:
                     79:2d:a2:ec:3c:9c:ed:4e:eb:f8:9a:d5:1e:2e:b4:
                     e9:9d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier:
          68:EC:69:09:29:4C:F4:7F:06:17:35:DA:CC:C5:4D:A9:D0:ED:4E:BF
             X509v3 Authority Key Identifier:
    keyid:68:EC:69:09:29:4C:F4:7F:06:17:35:DA:CC:C5:4D:A9:D0:ED:4E:BF

X509v3 Basic Constraints:             
CA:TRUE 
Signature Algorithm: sha256WithRSAEncryption

7a:d2:17:ca:e6:11:3c:7f:1e:78:fe:37:b9:d2:15:91:22:6d:ef:a1:70:29:76:68:8b:e4:16:d3:00:24:e2:62:2f:4e:79:9f:bf:54:c8:86:cc:0c:22:69:97:96:4e:8d:38:79:cc:d5:0d:3a:00:be:3d:c0:84:a7:28:59:3f:31:bb:9d:ce:f2:6d:2d:fb:92:9f:51:8f:59:1a:59:e6:a2:b5:a6:72:65:23:5f:fe:d6:1d:a2:2a:bc:bf:e4:51:97:be:45:de:f9:0e:66:94:e6:ee:45:2d:6f:0e:39:51:e2:6c:7d:14:8b:34:0b:82:fa:cd:0b:a8:d0:cd:da:2d:2f:d0:11:62:3f:b4:9b:21:2d:fe:c5:8c:e5:7b:a8:c6:e8:09:7f:44:cd:18:1c:eb:43:ce:ec:56:74:33:b0:b8:d5:48:38:23:1a:f7:ba:d6:98:1e:b7:4a:c4:59:c3:8c:e7:34:b6:f1:89:79:73:dc:3e:53:f2:f1:6d:52:6f:72:68:78:42:c9:45:ec:d2:4e:36:65:a5:05:57:b4:29:26:09:fc:11:ea:43:3f:39:a7:77:a3:96:85:41:e1:45:73:31:27:0b:49:6c:0f:97:46:77:c3:2f:ff:0a:ed:6b:55:04:d4:ce:34:92:35:33:a9:78:2c:00:4d:ba:a6:1d:04:75

The Scanner should now treat this vulnerability as fixed and should not report it. Have the scanner run the scan against the remediated host and see how it goes.

Leave a Reply

Your email address will not be published.