HackerOne: Insecure SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com

2017-05-03T05:34:43
ID H1:225754
Type hackerone
Reporter evanricafort
Modified 2017-06-21T23:52:04

Description

Hello,

I just found some minor issue with RSA 2048 bits (SHA1withRSA) in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com thru Qualys SSL Labs and wanted to report it.

Proof of Concept

https://www.ssllabs.com/ssltest/analyze.html?d=b5s.hackerone-ext-content.com Result: SHA1withRSA INSECURE https://www.ssllabs.com/ssltest/analyze.html?d=a4l.hackerone-ext-content.com Result: SHA1withRSA INSECURE

I hope you will fix this issue.

Cheers, Evan