Authenticode signing certificate subject DN invalid attributes

ID: PE187
Level: CRITICAL
Category: Format

Description

The subject distinguished name (DN) of the Authenticode signing certificate contains attributes that are not valid (they have invalid ASN.1 DER representations). The software checks the following attributes:

  • Common name (CN)
  • Organization (O)
  • Locality (L)
  • State or province (P)
  • Country (C)

The attributes argument of the rule output will contain a comma-separated list of the attribute abbreviations.
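
A comparable check can be run on a certificate's subject before signing. The following is an added example, not the tool's own code: it walks the DER-encoded subject Name and returns the abbreviations of the attributes whose values fail. The acceptance policy (non-empty PrintableString or UTF8String, two-character PrintableString for C) and the names children, value_ok, invalid_subject_attributes and SAMPLE are assumptions; the page does not state which encodings the rule accepts.

```python
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x07": "L",
        b"\x55\x04\x08": "P", b"\x55\x04\x06": "C"}  # "P" as abbreviated on this page
PRINTABLE = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")
# Constructed sample Name: CN is not valid UTF-8, O is fine, C has three characters.
SAMPLE = bytes.fromhex("30343111300f06035504030c084578ff616d706c65"
                       "3111300f060355040a130841636d6520496e63310c300a06035504061303555341")

def children(buf):  # yield (tag, value) per TLV in buf; ValueError on bad DER lengths
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length >= 0x80:  # long form: the next n bytes hold the length
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            if n == 0 or n > 4 or pos + n > len(buf) or length < 0x80 or buf[pos] == 0:
                raise ValueError("length is not minimal definite-form DER")
            pos += n
        if pos + length > len(buf):
            raise ValueError("truncated value")
        yield tag, buf[pos:pos + length]
        pos += length

def value_ok(abbr, tag, val):  # assumed policy, not the tool's documented checks
    if tag == 0x0C:  # UTF8String must decode cleanly
        try:
            val.decode("utf-8")
        except UnicodeDecodeError:
            return False
    elif tag != 0x13 or not set(val) <= PRINTABLE:  # otherwise PrintableString only
        return False
    return len(val) > 0 and (abbr != "C" or (tag == 0x13 and len(val) == 2))

def invalid_subject_attributes(name_der):
    bad = []
    (_, rdns), = children(name_der)  # Name: exactly one outer SEQUENCE
    for _, rdn in children(rdns):  # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):  # AttributeTypeAndValue (SEQUENCE)
            fields = children(atv)
            abbr = OIDS.get(next(fields, (None, b""))[1])
            try:
                (vtag, val), = fields  # exactly one value must follow the OID
                ok = value_ok(abbr, vtag, val)
            except ValueError:
                ok = False
            if abbr and not ok and abbr not in bad:
                bad.append(abbr)
    return ",".join(bad)
```

The input is the raw DER of the subject Name only, not the whole certificate.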

Mitigation

  • Use well-established software, such as openssl, to generate CSRs (certificate signing requests).
  • Do not modify, compress or pack the signed executable.

Arguments

This rule has the following output arguments:

  • signature_info - Readable name of the affected signature (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")
  • attributes - Comma-separated list of the attribute abbreviations