Certificate RSA Key Bytes Lower Than 256

Query id: d5ec2080-340a-4259-b885-f833c4ea6a31
Query name: Certificate RSA Key Bytes Lower Than 256
Platform: Ansible
Severity: Medium
Category: Insecure Configurations
CWE: 295
URL: Github

Description¶

The certificate should use a RSA key with a length equal to or higher than 256 bytes
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

- name: upload a self-signed certificate
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'rsa1024.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

- name: upload a self-signed certificate2
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'rsa4096.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2