SSL Certificate Signed Using Weak Hashing Algorithm Vulnerability
Written by Luke Peach
Updated over a week ago

When a vulnerability scanner detects the SSL Certificate Signed Using Weak Hashing Algorithm finding, it reports it with a CVSS score of 7.5.

CVSS is an industry-standard scoring system for vulnerabilities that rates each finding with a number ranging from 0 to 10. They are shown as:

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

To remediate this vulnerability, reissue the SSL certificate with a strong hashing algorithm such as SHA2 or SHA3 instead of SHA1 or MD5.

If the SSL certificate is controlled by a CA or another third party, please contact them to reissue the certificate with a stronger hashing algorithm.
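One way to confirm which certificates in a chain still carry a weak signature algorithm, before and after reissuing, is to read the outer `signatureAlgorithm` OID of each certificate in a PEM bundle. This is an added example using only the Python standard library, not code from the original article or from any scanner; the function names and the `skeleton_cert` input are constructed for illustration, and the SHA-1 expiry-date rule mentioned above is not implemented.

```python
import re
import ssl

# Signature-algorithm OIDs built on the hashes the finding names (MD2/MD4/MD5/SHA-1).
WEAK = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(der):
    """Dotted OID of Certificate.signatureAlgorithm (the outer field, RFC 5280)."""
    _, body, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(der, body)    # skip over tbsCertificate
    _, alg, _ = read_tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg)   # its first element is the OID
    if tag != 0x06:
        raise ValueError("signatureAlgorithm OID not found")
    raw, val = der[start:end], 0
    arcs = [raw[0] // 40, raw[0] % 40]     # first byte packs the first two arcs
    for b in raw[1:]:                      # base-128, high bit means "more bytes"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def audit_chain(pem_text):
    """Return [(position, algorithm name or OID, is_weak)] per certificate in a PEM bundle."""
    oids = [signature_oid(ssl.PEM_cert_to_DER_cert(p)) for p in PEM_RE.findall(pem_text)]
    return [(i, WEAK.get(oid, oid), oid in WEAK) for i, oid in enumerate(oids)]

def skeleton_cert(last_arc):
    """Constructed sample input: DER skeleton with an empty tbsCertificate, not a real certificate."""
    tlv = lambda tag, v: bytes([tag, len(v)]) + v
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_arc])  # 1.2.840.113549.1.1.<last_arc>
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
```

To audit a real chain, pass the contents of the server's PEM bundle to `audit_chain`; any entry with `is_weak` set to `True` is a certificate that needs to be reissued.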
