5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
pki is vulnerable to spoofing attacks. The certificate authority used the MD5 hash algorithm to sign all SCEP protocol responses. As MD5 is not collision resistant, an attacker could use this flaw to perform an MD5 chosen-prefix collision attack to generate attack-chosen output signed using the certificate authority’s key.
blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
secunia.com/advisories/33826
secunia.com/advisories/34281
secunia.com/advisories/42181
securityreason.com/securityalert/4866
securitytracker.com/id?1024697
www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
www.doxpara.com/research/md5/md5_someday.pdf
www.kb.cert.org/vuls/id/836068
www.microsoft.com/technet/security/advisory/961509.mspx
www.phreedom.org/research/rogue-ca/
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/archive/1/499685/100/0/threaded
www.securityfocus.com/bid/33065
www.ubuntu.com/usn/usn-740-1
www.win.tue.nl/hashclash/rogue-ca/
www.win.tue.nl/hashclash/SoftIntCodeSign/
access.redhat.com/errata/RHSA-2010:0838
blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
bugzilla.redhat.com/show_bug.cgi?id=648886
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
rhn.redhat.com/errata/RHSA-2010-0837.html
rhn.redhat.com/errata/RHSA-2010-0838.html
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html