CVE-2004-2761 - The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-depen

CVE-2004-2761

Summary

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. There are four significant mitigating factors. 1) Most enterprise-class certificates, such as VeriSign’s Extended Validation SSL Certificates use the still secure SHA-1 hash function. 2) Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions. 3) CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. 4)The researchers did not release the under-the-hood specifics of how the exploit was executed. Source - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036

References

Vulnerable Configurations

cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*
cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*
cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*
cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:30)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2010:0837
rhsa
id RHSA-2010:0838

rpms

rhpki-ca-0:7.3.0-21.el4
rhpki-common-0:7.3.0-41.el4
rhpki-util-0:7.3.0-21.el4
pki-ca-0:8.0.7-1.el5pki
pki-common-0:8.0.6-2.el5pki
pki-common-javadoc-0:8.0.6-2.el5pki
pki-util-0:8.0.5-1.el5pki
pki-util-javadoc-0:8.0.5-1.el5pki

refmap via4

bid	33065
bugtraq	20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate
cert-vn	VU#836068
cisco	20090115 MD5 Hashes May Allow for Certificate Spoofing
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=648886 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
fedora	FEDORA-2009-1276
misc	http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/ http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx http://www.doxpara.com/research/md5/md5_someday.pdf http://www.microsoft.com/technet/security/advisory/961509.mspx http://www.phreedom.org/research/rogue-ca/ http://www.win.tue.nl/hashclash/SoftIntCodeSign/ http://www.win.tue.nl/hashclash/rogue-ca/ https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
sectrack	1024697
secunia	33826 34281 42181
sreason	4866
ubuntu	USN-740-1

statements via4

contributor	Mark J Cox
lastmodified	2009-01-07
organization	Red Hat
statement	Please see http://kbase.redhat.com/faq/docs/DOC-15379

Last major update

19-10-2018 - 15:30

Published

05-01-2009 - 20:30

Last modified

19-10-2018 - 15:30