Palo Alto Networks Knowledgebase: Nessus Vulnerability Scan Reported Weak and Untrusted Certificate on User-ID Agent
Created On 02/07/19 23:42 PM - Last Updated 02/07/19 23:43 PM
The Nessus vulnerability scan reported a weak and untrusted certificate on the User-ID Agent.
All User-ID Agent installations use the same certificate, "ca-cert.pem". This is by design, to balance the Palo Alto Networks firewall management plane performance when communicating with the User-ID Agent.
The certificate is located under C:\Program Files\Palo Alto Networks\User-ID Agent\ca-cert.pem, and its MD5 hash yields a value of 1c4b5646d3fb8814c9944d3908396316.
The current User-ID Agent default install will have the following characteristics:
The default certificate key is only 1048
The default certificate cipher is weak, using the RC4 cipher
The default certificate is only self-signed, with no level of authority
The default certificate is not trusted from the perspective of vulnerability scanners
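
To confirm whether a given User-ID Agent host still carries the shared default certificate and to see the properties a scanner flags, the following added example (not Palo Alto Networks code) can be run on the agent host. It assumes the MD5 value quoted above is the hash of the PEM file's contents, and also checks the MD5 of the DER-encoded certificate in case the value is a fingerprint; the function name `Test-UserIdAgentCert` is hypothetical.

```powershell
# Added example: audit a User-ID Agent host for the shared default certificate.
# Assumption: the MD5 value in the article is the hash of the PEM file's bytes;
# the MD5 of the DER-encoded certificate is compared too in case it is a fingerprint.
$DefaultMd5 = '1c4b5646d3fb8814c9944d3908396316'   # value quoted in this article
$CertPath   = 'C:\Program Files\Palo Alto Networks\User-ID Agent\ca-cert.pem'

function Test-UserIdAgentCert {   # hypothetical helper name
    param(
        [string]$Path = $CertPath,
        [string]$KnownMd5 = $DefaultMd5
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Certificate file not found: $Path"
    }

    # MD5 of the file exactly as it sits on disk.
    $fileMd5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()

    # Parse the certificate (assumes the file holds one PEM-encoded X.509 certificate).
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # MD5 over the DER encoding of the certificate.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try { $derMd5 = -join ($md5.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('x2') }) }
    finally { $md5.Dispose() }

    # RSA public key, used for the key size in bits; $null if the key is not RSA.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    [pscustomobject]@{
        Path               = $Path
        FileMd5            = $fileMd5
        DerMd5             = $derMd5
        IsDefaultCert      = ($fileMd5 -eq $KnownMd5) -or ($derMd5 -eq $KnownMd5)
        KeySizeBits        = if ($rsa) { $rsa.KeySize } else { $null }
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        SelfSigned         = ($cert.Subject -eq $cert.Issuer)
        NotAfter           = $cert.NotAfter
    }
}

Test-UserIdAgentCert | Format-List
```

`IsDefaultCert` being true on every agent host is the expected result described above; a false value means the file has been replaced or modified since installation.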