Certificate is Signed Using a Weak Signature Algorithm

Summary

Acunetix 360 detected that a certificate is signed using a weak signature algorithm.

The weak signature algorithm is known to be cryptographically weak and vulnerable to collision attacks.

Attackers can observe the encrypted traffic between your website and its visitors by leveraging the use of this vulnerability.

You'll need to generate a new certificate request, and get your CA to issue you a new certificate using SHA-2.

High

PCI v3.2-6.5.4 CAPEC-459 ISO27001-A.10 WASC-4 OWASP 2013-A6 OWASP 2017-A3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N