Neglected assets

Expired SSL Certificate for a Subdomain

Risk Level

Hazardous (3)

Platform(s)

  • N/A

Compliance Frameworks

Description

The certificate for {Subdomain.Name} has expired. Expired certificates can not be validated and can not guarantee ownership of a subdomain. This means a user could not distinguish access to the correct website and a fake one and opens users of this website to the risk of an MITM attack

  • Recommended Mitigation

    Access the domain through a modern browser to see if the user is alerted on the certificate's status. Review the certificate and renew it if it is indeed expired.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.