openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

CVE-2026-42769

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in OSSLCMPget1rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

EUVD-2026-35486

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVE-2026-42769

Summary: CVE-2026-42769 arises from an error in the CMP Root CA key rollover verification in OpenSSL. A typo in the certificate chain building code caused the verifier to add the wrong certificate ("newWithOld" instead of the intended "oldRoot") to the chain, rendering the verification ineffectiv...

PT-2026-47839

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An error in the callback used to verify certificates during a Root CA key update in the Certificate Management Protocol CMP renders certificate validation ineffectual. Specifically, a typo in...

CVE-2022-26355

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

CVE-2022-26355 Citrix Federated Authentication Service (FAS)

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

Citrix Federated Authentication Service (FAS) Security Update

An issue has been identified in Citrix Federated Authentication Service FAS which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider...

PT-2021-22798 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions prior to 7.6.0 Description: An issue was discovered where the CMP RA Mode in PrimeKey EJBCA can be exploited by using a known client certificate to authenticate enrolling clients. The same RA client certificate is used...

PT-2020-17067 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions prior to 7.4.3 Description: An issue exists when enrolling with EST while proxied through an RA over the Peers protocol, allowing enrollment with a valid client certificate through any functioning and authenticated RA...

Coca-Cola reserved 16 Million MAC addresses to race in The Internet of Things

Have you seen the Coca-Cola "Freestyle" soda fountain yet? Instead of levers for different sodas, you have got a touchscreen, interface like an iPad and with a Push button you can have 127 Flavors of sodas. There are more than 3,500 such machines are installed inside the world’s Burger Kings and...

[SECURITY] Fedora 17 Update: pki-tps-9.0.11-1.fc17

Certificate System CS is an enterprise software system designed to manage enterprise Public Key Infrastructure PKI deployments. The Token Processing System TPS is an optional PKI subsystem that acts as a Registration Authority RA for authenticating and processing enrollment requests, PIN reset...

Two more Comodo registration authority accounts compromised !

Two more Comodo registration authority accounts compromised ! Certification company's humiliation drags on as hacker scalps two more Comodo registration authority accounts The Iranian hacker that managed to trick Comodo into issuing nine fraudulent certificates appears to have compromised two mor...

Hacker Takes Credit For Attack on Comodo

Someone claiming to be the person behind last week’s attack on a registration authority tied to Comodo has posted an explanation of the methods he supposedly used and the reasons for the attack. The rambling, disjointed message claims that the Comodo attack was not the act of an organized,...

CVE-2009-0588

agent/request/op.cgi in the Registration Authority RA component in Red Hat Certificate System RHCS 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...

CVE-2009-0588

agent/request/op.cgi in the Registration Authority RA component in Red Hat Certificate System RHCS 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...

rhpki-ra: improper authorization checks in Cerificate System's Registration Authority

agent/request/op.cgi in the Registration Authority RA component in Red Hat Certificate System RHCS 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...

CVE-2007-5703

Multiple cross-site scripting XSS vulnerabilities in 1 Request-spk.xuda and 2 Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...