+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: General topics (/forumdisplay.php?fid=15)
+--- Thread: SSL Certificate Signed Using Weak Hashing Algorithm (/showthread.php?tid=46751)
SSL Certificate Signed Using Weak Hashing Algorithm - LaughingBoy - 07-06-2023 03:17 AM
We recently had an internal security scan and this result showed up referencing all of our yealink phones:
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.
Subject : C=CN/ST=Fujian/L=Xiamen/O=Yealink Network Technology Co.,Ltd./OU=Yealink Equipment/CN=[SCRUBBED]/E=support@yealink.com
Signature Algorithm : MD5 With RSA Encryption
Valid From : Mar 01 00:00:00 2014 GMT
Valid To : Feb 24 00:00:00 2034 GMT
Can Yealink please provide an ssl certificate that has stronger encryption so that we can pass our security audit?