Some machines appeared in my scan with Vulnerability Level 2 and showed the informations below (there is no vendor reference for it).
X.509 Certificate MD5 Signature Collision Vulnerability
Certificate CN=aeagent at level 0 was signed using md5WithRSAEncryption algorithm which is considered weak.
If the certificate is signed using MD5 hash function then a new certificate should be obtained which uses a more collision proof hashing algorithm such as SHA. If the CA of the certificate is signed using MD5 then a different CA should be used which doesn't have this vulnerability.
Cisco ASA appliance Workaround -
Instructions on changing the signing hash for Cisco ASA's self signed certificates are available at the Cisco Security Response Web page MD5 Hashes May Allow for Certificate Spoofing (http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html).
As I'm checking workstations, the part of Cisco ASA could be discarted.
Source: The Exploit-DB
Description:MD5 Message Digest Algorithm Hash Collision Weakness - The Exploit-DB Ref : 24807
Any idea for what should be done on this Workaround? What are the steps?
Thanks in advance!