CVE-2004-2761

CVSS 9.8 CRITICALEPSS 9.9%CWE-328

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/24807unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php https://bugzilla.redhat.com/show_bug.cgi?id=648886 http://secunia.com/advisories/33826 http://secunia.com/advisories/34281 http://secunia.com/advisories/42181 http://securityreason.com/securityalert/4866 http://securitytracker.com/id?1024697 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02