Self signed user certificate
Plugin details
Severity | Medium |
---|---|
ID | 10016 |
Category | Authentication |
CVSS score | 5.4 |
CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Synopsis
The server can be accessed by unauthorized users.
Description
The server trusts user applications that present self-signed certificates. With this setting, user authentication is effectively disabled, because anyone can generate a self-signed certificate. Without user authentication, the server can be accessed by unauthorized personnel.
Solution
Only trust user certificates signed by a trusted authority.