33 matches found
OpenCA < 0.9.1-9 Web Interface Form Input Field XSS
Binary data 2267.prm...
OpenCA Security Advisory: Cross Site Scripting vulnerability
OpenCA Security Advisory: Cross Site Scripting vulnerability Authors Martin Bartosch [email protected] Michael Bell [email protected] 2004-09-01 Initial revision 2004-09-06 Public release Summary ------- The OpenCA Project is a collaborative effort to develop a robust, full-feature...
OpenCA crossite scripting
No description provided...
CVE-2004-0004
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing...
CVE-2004-0004
Affects OpenCA : OpenCA 0.9.1.6 and earlier use crypto-utils.lib’s libCheckSignature, which compares only the certificate serial to the database entry. This can allow a signature to be accepted if the signer's certificate chain is trusted by OpenCA’s chain directory, enabling an attacker to spoof...
CVE-2004-0004
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing...
OpenCA libCheckSignature function fails to properly verify the signature of certificates
Overview OpenCA may accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. Description The OpenCA PKI Development Project is a Certification Authority. A vulnerability exists in the way the libCheckSignature function compares the certificate ...
OpenCA certificate spoofing
A flaw could cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This means that a certificate from another PKI can authorize operations on the used PKI if the chain of the used signature certifcate can establish a trust...
[OpenCA Advisory] Vulnerability in signature verification
OpenCA Security Advisory 16 January 2004 Vulnerability in signature validation ===================================== A flaw in OpenCA before version 0.9.1.7 could cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This mea...
CVE-2003-0960
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates...
CVE-2003-0960
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates...
CVE-2003-0960
CVE-2003-0960 refers to a vulnerability in OpenCA where, before 0.9.1.4, the system did not use the correct certificate in a chain when checking the serial, which could allow revoked or expired certificates to be accepted as valid. Multiple connected sources (SUSE advisory, OpenVAS/NASL/Nessus en...
[OpenCA Advisory] Vulnerabilities in signature verification
OpenCA Security Advisory 28 November 2003 Vulnerabilities in signature validation ======================================= Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use an incorrect certificate in the chain to determine the serial being checked which could lead to...