New security tests, October 19, 2017: ROCA – vulnerable RSA generation

Blog post from Detectify

Post Details
Company
Date Published
Author
Detectify
Word Count
384
Summary

Detectify has introduced 21 new security modules designed to identify vulnerabilities in websites, including several specific to WordPress and the ROCA vulnerability associated with RSA key generation. The highlighted vulnerability, CVE-2017-15361, stems from Infineon Technologies AG's software library used in cryptography hardware, potentially affecting HTTPS certificate holders if their keys were generated with this hardware. If a site is found vulnerable to ROCA, it's advised to contact the certificate issuer to revoke and replace the affected certificates to prevent misuse by attackers. Users can test their keys independently using third-party services like keychest.net and keytester.cryptosense.com. The update also covers various WordPress vulnerabilities, including authenticated XSS, SQL injection, and CSRF, underscoring the importance of regular security checks to mitigate potential risks.