Vulnerability scanner reports the certificate used by SCSP is weak.
|Article:TECH178081|||||Created: 2011-12-31|||||Updated: 2012-08-22|||||Article URL http://www.symantec.com/docs/TECH178081|
When using a vulnerability scanner against SCSP, the scanner reports a vulnerability of the certificate which is used by SCSP due to the MD5 signature algorithm.
In previous versions, the certificate was signed with the MD5 hash algorithm, in which the digital signature strength was 16 Bytes. The MD5 hash algorithm has a vulnerability that it can be cracked through parallel computing.
Symantec is aware of the vulnerability and has replaced MD5 to SHA1 as the hash algorithm to sign the signature in the version 5.2.7 or later.
To avoid the vulnerability, upgrade to the latest version.
Article URL http://www.symantec.com/docs/TECH178081