Certificate RSA Key Bytes Lower Than 256

  • Query id: d5ec2080-340a-4259-b885-f833c4ea6a31
  • Query name: Certificate RSA Key Bytes Lower Than 256
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 295
  • URL: Github

Description

The certificate should use an RSA key with a length equal to or higher than 256 bytes (2048 bits).

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: upload a self-signed certificate
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'rsa1024.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: upload a self-signed certificate2
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'rsa4096.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2
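
The same 256-byte threshold can be enforced at play time, before the certificate reaches the upload task. The playbook below is an added example, not part of the query or its test samples; it assumes the community.crypto collection (1.7.0 or later, for the public key fields) is installed, and the variable names cert_file and min_rsa_bits are hypothetical.

```yaml
# Added example: pre-flight guard to run before the aws_acm upload task.
- name: Refuse to upload certificates with short RSA keys
  hosts: localhost
  gather_facts: false
  vars:
    cert_file: rsa4096.pem   # hypothetical variable; file name from the negative sample
    min_rsa_bits: 2048       # hypothetical variable; 256 bytes * 8 bits
  tasks:
    - name: Read the public key details from the certificate
      community.crypto.x509_certificate_info:
        content: "{{ lookup('file', cert_file) }}"
      register: cert_info

    - name: Fail when the RSA modulus is shorter than 256 bytes
      ansible.builtin.assert:
        that:
          - (cert_info.public_key_data.size | int) >= (min_rsa_bits | int)
        fail_msg: >-
          {{ cert_file }} carries a {{ cert_info.public_key_data.size }}-bit RSA key;
          at least {{ min_rsa_bits }} bits (256 bytes) are required.
        success_msg: "{{ cert_file }} meets the minimum RSA key length."
      # The rule only concerns RSA keys, so other key types are skipped here.
      when: cert_info.public_key_type == 'RSA'
```

Because the assertion runs when the play executes, it also covers certificates whose file name is only resolved at run time.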