Alexandru Matei

**Name of the Vulnerable Software and Affected Versions** OpenCA versions 0.9.1.6 and earlier **Description** The issue arises from the `libCheckSignature` function in `crypto-utils.lib`, which only compares the serial of the signer's certificate and the one in the database. This comparison can lead to OpenCA incorrectly accepting a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. **Recommendations** For OpenCA versions 0.9.1.6 and earlier, consider restricting access to the `libCheckSignature` function until a patch is available, or apply configuration changes to enhance certificate chain validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.