Weak Authenticode timestamp counter-signature digest algorithm

ID: PE178
Level: ERROR
Category: Security

Description

The digest algorithm used by the Authenticode timestamp counter-signature is too weak. This may allow an attacker to modify the executable while keeping the signature valid.

If the goal is to support older operating systems which do not handle stronger hashes (like Windows XP, which supports MD5 and SHA1 only), use dual-signing with the /as SignTool option. First sign with a weaker algorithm, and then with a stronger one. Example:

signtool.exe sign /f cert_file.pfx /fd sha1 /t http://timestamp.comodoca.com/authenticode /p cert_password
signtool.exe sign /f cert_file.pfx /as /fd sha256 /tr http://timestamp.comodoca.com/rfc3161 /td sha256 /p cert_password

Mitigation

  • Use a stronger hash algorithm when signing the image. MD5 and SHA1 are no longer considered safe; use SHA256, SHA384 or SHA512.
  • When signing the image using signtool, request an RFC 3161 timestamp with /tr and pass the /td option with the strong hash name (e.g. /td SHA256). /td only takes effect together with /tr; the legacy /t timestamp does not accept it. See the signtool description page for more details.
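The check below is an added example, not code from the rule's own implementation. It walks the DER of a SignerInfo's unsignedAttrs, locates the two attribute types that carry Authenticode timestamps (the PKCS#9 countersignature, OID 1.2.840.113549.1.9.6, produced by /t, and the Microsoft RFC 3161 countersignature, OID 1.3.6.1.4.1.311.3.3.1, produced by /tr) and reports the digest algorithm each one uses, flagging MD5 and SHA1 the way this rule does. It uses only the Python standard library; the signature-name strings are my own wording rather than the rule's exact signature_info values, and the sample input at the bottom is a hand-constructed DER fragment, not a real signature.

```python
"""Report the digest algorithm of Authenticode timestamp countersignatures.

Added example: standard-library DER walking over a SignerInfo unsignedAttrs
content. The sample at the bottom is constructed by hand, not a real signature.
"""

# Digest OIDs the rule cares about, with the weak flag it would assign.
DIGEST_OIDS = {
    "1.2.840.113549.2.5": ("MD5", True),
    "1.3.14.3.2.26": ("SHA1", True),
    "2.16.840.1.101.3.4.2.1": ("SHA256", False),
    "2.16.840.1.101.3.4.2.2": ("SHA384", False),
    "2.16.840.1.101.3.4.2.3": ("SHA512", False),
}
PKCS9_COUNTERSIG = "1.2.840.113549.1.9.6"      # legacy Authenticode timestamp (/t)
RFC3161_COUNTERSIG = "1.3.6.1.4.1.311.3.3.1"   # RFC 3161 timestamp (/tr)
SIGNED_DATA = "1.2.840.113549.1.7.2"
NAMES = {PKCS9_COUNTERSIG: "timestamp countersignature (PKCS#9)",   # assumed wording
         RFC3161_COUNTERSIG: "timestamp countersignature (RFC 3161)"}


def read_tlv(data, pos=0):
    """Decode one DER element at pos; return (tag, content, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def children(value):
    """Yield (tag, content) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def decode_oid(raw):
    """Content octets of an OBJECT IDENTIFIER -> dotted string."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def algorithm_oid(alg_id):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    return decode_oid(next(children(alg_id))[1])


def countersignature_digests(unsigned_attrs):
    """Return [(attribute OID, digest OID)] for every timestamp countersignature.

    unsigned_attrs is the content of SignerInfo.unsignedAttrs [1]: a run of
    Attribute ::= SEQUENCE { type OID, values SET OF AttributeValue }.
    """
    found = []
    for _, attr in children(unsigned_attrs):
        (_, type_raw), (_, values) = list(children(attr))[:2]
        attr_oid = decode_oid(type_raw)
        for _, value in children(values):
            if attr_oid == PKCS9_COUNTERSIG:
                # Value is a SignerInfo: version, sid, digestAlgorithm, ...
                found.append((attr_oid, algorithm_oid(list(children(value))[2][1])))
            elif attr_oid == RFC3161_COUNTERSIG:
                # Value is ContentInfo { signedData OID, [0] EXPLICIT SignedData }
                _, signed_data = next(children(list(children(value))[1][1]))
                # SignedData: version, digestAlgorithms SET OF AlgorithmIdentifier, ...
                for _, alg in children(list(children(signed_data))[1][1]):
                    found.append((attr_oid, algorithm_oid(alg)))
    return found


def report(unsigned_attrs):
    """[(signature name, digest name, weak?)]; unknown digest OIDs get weak=None."""
    return [(NAMES[a], *DIGEST_OIDS.get(d, (d, None)))
            for a, d in countersignature_digests(unsigned_attrs)]


# --- constructed sample input (hand-built DER, not a real signature) ----------
def der(tag, *parts):
    body = b"".join(parts)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out.extend(chunk)
    return der(0x06, bytes(out))


def alg_id(oid):
    return der(0x30, encode_oid(oid), der(0x05))


# Legacy countersignature whose SignerInfo advertises SHA1 (only the fields the
# checker reads are filled in), followed by an RFC 3161 one advertising SHA256.
LEGACY = der(0x30, encode_oid(PKCS9_COUNTERSIG),
             der(0x31, der(0x30, der(0x02, b"\x01"), der(0x30), alg_id("1.3.14.3.2.26"))))
RFC3161 = der(0x30, encode_oid(RFC3161_COUNTERSIG),
              der(0x31, der(0x30, encode_oid(SIGNED_DATA),
                            der(0xA0, der(0x30, der(0x02, b"\x03"),
                                          der(0x31, alg_id("2.16.840.1.101.3.4.2.1")))))))
SAMPLE_UNSIGNED_ATTRS = LEGACY + RFC3161

if __name__ == "__main__":
    for name, digest, weak in report(SAMPLE_UNSIGNED_ATTRS):
        print(f"{name}: {digest} {'WEAK' if weak else 'ok'}")
```

On a real file the bytes to feed in come from the PE security directory (WIN_CERTIFICATE wrapping a PKCS#7 SignedData); the SignerInfo's unsignedAttrs is the [1] tagged field after the encrypted digest. Running the sample flags the PKCS#9 countersignature as SHA1/weak and accepts the RFC 3161 one, which is exactly the split the dual-signing recipe above produces.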

Arguments

This rule has the following output arguments:

  • signature_info - Human-readable name of the affected signature (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")
  • hash_algorithm - Weak hash algorithm used in the signature (e.g. MD5, SHA1)