OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness

high Nessus Plugin ID 14715

Synopsis

A remote application is vulnerable to signature verification bypass.

Description

The remote host seems to be running an older version of OpenCA.

It is reported that OpenCA versions up to and incluing 0.9.1.6 contains a flaw that may lead an attacker to bypass signature verification of a certificate.

Solution

Upgrade to the newest version of this software.

Plugin Details

Severity: High

ID: 14715

File Name: openca_sign_verif.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 9/13/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/16/2004

Reference Information

CVE: CVE-2004-0004

BID: 9435