3 matches found
PT-2026-47830
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...
ruby: OpenSSL::X509:: Name equality check does not work correctly
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
PT-2005-3792 · Openssl +1 · Openssl +2
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8 Description: The issue is related to the default configuration of OpenSSL, which uses MD5 for creating message digests. This makes it easier for remote attackers to forge certificates with a valid certificate...