SSL Subject Alternative Names (SAN)

It is possible to list multiple domains a certificate is valid for within one single certificate. Having fewer certificates can make the server setup easier as well as certificates cheaper. However, it also means any user visiting the site can see what other sites are using the same certificate.

This in itself is not a vulnerability, but the information can aid an attacker in further attacks.

What can happen?

An attacker can use the alternative domain names to find other potential targets residing on the same server. By attacking another site on the same server the attacker might eventually be able to take over the initial target.


If this is considered a problem, use certificates with a single common name instead. If this is not considered a problem, mark the finding as Accepted Risk and it will be automatically filtered out in the future.

This finding is intended as information that the developers need to be aware of, rather than a warning about a direct vulnerability.