Palo Alto Networks Knowledgebase: Nessus Vulnerability Scan Reported Weak and Untrusted Certificate on User-ID Agent

Nessus Vulnerability Scan Reported Weak and Untrusted Certificate on User-ID Agent

2315
Created On 02/07/19 23:42 PM - Last Updated 02/07/19 23:43 PM
Certificate Management
Resolution

Issue

The Nessus vulnerability scan reported weak and untrusted certificate on the User-ID Agent.

 

Cause

All User-ID Agent installations use the same certificate, "ca-cert.pem". This is by design to balance the Palo Alto Networks firewall management plane performance when communicating to the User-ID Agent.

 

The MD5 hash on the certificate is under C:\Program Files \Palo Alto Networks\User-ID Agent\ca-cert.pem and yields a value of 1c4b5646d3fb8814c9944d3908396316.

Screen Shot 2014-03-07 at 11.12.25 AM.png

 

The current User-ID Agent default install will have the following characteristics:

  • The default certificate key is only 1048
  • The default certificate cipher is weak using RC4 cipher
  • The default certificate is only self signed no level of authority
  • The default certificate is not trusted from perspective of vulnerability scanners

 

owner: jlunario



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxRCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language