CVE-2004-2761

MEDIUM

Description

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

References

http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/

http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx

http://secunia.com/advisories/33826

http://secunia.com/advisories/34281

http://secunia.com/advisories/42181

http://securityreason.com/securityalert/4866

http://securitytracker.com/id?1024697

http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html

http://www.doxpara.com/research/md5/md5_someday.pdf

http://www.kb.cert.org/vuls/id/836068

http://www.microsoft.com/technet/security/advisory/961509.mspx

http://www.phreedom.org/research/rogue-ca/

http://www.securityfocus.com/archive/1/499685/100/0/threaded

http://www.securityfocus.com/bid/33065

http://www.ubuntu.com/usn/usn-740-1

http://www.win.tue.nl/hashclash/rogue-ca/

http://www.win.tue.nl/hashclash/SoftIntCodeSign/

https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php

https://bugzilla.redhat.com/show_bug.cgi?id=648886

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

https://rhn.redhat.com/errata/RHSA-2010-0837.html

https://rhn.redhat.com/errata/RHSA-2010-0838.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html

Details

Source: MITRE

Published: 2009-01-05

Updated: 2018-10-19

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
95631SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)NessusGeneral
info
7201TLS Certificate Signed Using Weak Hashing Algorithm - MD5Nessus Network MonitorGeneric
medium
37463Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : nss, firefox vulnerability (USN-740-1)NessusUbuntu Local Security Checks
medium
35595Fedora 9 : nss-3.12.2.0-2.fc9 (2009-1276)NessusFedora Local Security Checks
medium
4805SSL Certificate Signed Using Weak Hashing AlgorithmNessus Network MonitorGeneric
medium
4804SSL Certificate Signed Using Weak Hashing AlgorithmNessus Network MonitorGeneric
medium
4803SSL Certificate Signed Using Weak Hashing AlgorithmNessus Network MonitorGeneric
medium
35291SSL Certificate Signed Using Weak Hashing AlgorithmNessusGeneral
medium