
SHA-1 Security Vulnerability Scan and How to Fix


SHA-1 (Secure Hash Algorithm) is a cryptographic hash function that produces a 160-bit hash value, and it's considered weak.
Interestingly, 93% of websites on the Internet are vulnerable to SHA-1.
Google has started gradually sunsetting SHA-1, and Chrome version 39 and later will show a visual security warning on websites with a SHA-1 SSL certificate that is valid beyond 1st Jan 2016.
Web administrators have been busy with many vulnerabilities this year, such as Freak Attack, Heartbleed and Logjam. That's how web security is evolving, and one of the challenging tasks for a web security administrator is to keep one's knowledge up to date and act wisely on security vulnerabilities to secure web applications.
In this article, I will talk about how to check for the SHA-1 vulnerability and how you can fix it.
Test SSL SHA-1 bug
One of the quickest ways to test whether your website's SSL certificate is signed with SHA-1 is to open the following URL, enter your website's URL and click Go.
URL: https://shaaaaaaaaaaaaa.com/
If it's signed with SHA-1, you will get the following dang;
otherwise you will get a nice message.
You may also check the following, which can help to check SHA-1.
Fix SSL SHA-1 bug
Fixing SHA-1 means you need to get an SSL certificate signed with SHA-2.
Some SSL certificate providers can provide you with a SHA-2 signed certificate; however, in most cases you would want to get a new SSL certificate signed and implement it.
To generate a CSR for a SHA-2 certificate using OpenSSL:
openssl req -new -sha256 -key example.key -out example.csr
You may also generate the CSR online at the following:
https://certificatesssl.com/ssl-tools/csr-generator.html
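To confirm the result locally rather than through an online checker, the following added example (not part of the original article) reads the signature algorithm from a PEM certificate or CSR with OpenSSL and flags SHA-1. The function names, the script name `check_sig.sh` and the subject `example.test` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report which hash a PEM
# certificate or CSR is signed with, using only the local openssl binary.

# Map an OpenSSL signature-algorithm name to a verdict.
classify_sig_alg() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    *md2*|*md5*|*sha1*)                  echo weak ;;
    *sha224*|*sha256*|*sha384*|*sha512*) echo ok ;;
    *)                                   echo unknown ;;  # e.g. RSA-PSS: read -text by hand
  esac
}

# Print the signature algorithm of a PEM file (certificate or CSR).
pem_sig_alg() {
  cmd=x509
  if grep -q 'CERTIFICATE REQUEST' "$1"; then cmd=req; fi
  openssl "$cmd" -in "$1" -noout -text |
    awk -F': ' '/Signature Algorithm:/ { print $2; exit }'
}

# Check one PEM file; return non-zero when it is signed with a weak hash.
check_pem() {
  alg=$(pem_sig_alg "$1")
  verdict=$(classify_sig_alg "$alg")
  echo "$1: ${alg:-unreadable} -> $verdict"
  [ "$verdict" != weak ]
}

# Constructed demo: build a throwaway key and a CSR with the article's
# "openssl req -new -sha256" command, then print the CSR's signature algorithm.
demo_csr() {
  tmp=$(mktemp -d) || return 2
  openssl genrsa -out "$tmp/example.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$tmp/example.key" \
      -out "$tmp/example.csr" -subj "/CN=example.test" &&
    pem_sig_alg "$tmp/example.csr"
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Usage (hypothetical file names): sh check_sig.sh server.crt example.csr
for pem in "$@"; do check_pem "$pem"; done
```

Run the check on the certificate the CA returns as well: the CA, not the CSR, chooses the hash used to sign the issued certificate.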
I hope you now know whether your website's SSL certificate is SHA-1 signed and understand the procedure to fix it.