DNSSEC Using RSASHA1
- Query id: ccc3100c-0fdd-4a5e-9908-c10107291860
- Query name: DNSSEC Using RSASHA1
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 326
- URL: Github
Description¶
DNSSEC should not use the RSASHA1 algorithm, which means if, within the 'dnssec_config' block, the 'default_key_specs' block exists with the 'algorithm' field is 'rsasha1' which is bad.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_dns_managed_zone" "positive1" {
name = "example-zone"
dns_name = "example-${random_id.rnd.hex}.com."
description = "Example DNS zone"
labels = {
foo = "bar"
}
dnssec_config {
default_key_specs{
algorithm = "rsasha1"
}
}
}