The SHA-1 chosen-prefix collision attack provides evidence that SHA-1 should not be used as a trusted hash function for security purposes.
If SHA-1 is being used in SSL leaf certificates, the TLS/SSL Certificates finding is graded BAD.
Remediation
To see if your organization is vulnerable, search for “sha1” within your TLS/SSL Certificates findings and update the affected certificates.
Resources
CBS Interactive, “SHA-1 collision attacks are now actually practical and a looming danger”
May 17, 2019: Published.
Feedback
0 comments
Please sign in to leave a comment.