PT-2004-1235 · Openca · Openca

Alexandru Matei

·

Published

2004-02-17

·

Updated

2017-10-10

·

CVE-2004-0004

CVSS v2.0

7.5

High

Vector AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenCA versions 0.9.1.6 and earlier

Description: The issue arises from the libCheckSignature function in crypto-utils.lib, which only compares the serial number of the signer's certificate with the one stored in the database. Because a serial number is only unique within a single issuing CA, this comparison can lead OpenCA to incorrectly accept a signature whenever the signer's certificate chains to any CA trusted in OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

Recommendations: For OpenCA versions 0.9.1.6 and earlier, consider restricting access to the libCheckSignature function until a patch is available, or apply configuration changes to enhance certificate chain validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
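The following example is added here to illustrate the check described above; it is not OpenCA's code. It contrasts a signer check that compares only the certificate serial number (the pattern the advisory describes) with one that binds the expected signer to issuer, serial and the certificate fingerprint. The Cert and DbRecord classes, the two CA names and all serial numbers and DER bytes are constructed for the demonstration.

```python
"""Weak (serial-only) vs strong signer-identity check. Added example, not
OpenCA's code; all certificates, CA names and serials are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str    # issuer distinguished name
    subject: str   # subject distinguished name
    serial: int    # serial number: unique only within one issuing CA
    der: bytes     # DER encoding (placeholder bytes in this example)

    def fingerprint(self) -> str:
        """SHA-256 over the exact certificate bytes."""
        return hashlib.sha256(self.der).hexdigest()


@dataclass(frozen=True)
class DbRecord:
    """What the database remembers about a user's expected signing certificate."""
    user: str
    issuer: str
    serial: int
    fingerprint: str


# Constructed: two issuers that are both present in the trusted chain directory.
TRUSTED_ISSUERS = {"CN=Corp Root CA", "CN=Partner CA"}


def chain_is_trusted(cert: Cert) -> bool:
    """Stand-in for chain validation against the trusted chain directory."""
    return cert.issuer in TRUSTED_ISSUERS


def make_record(user: str, cert: Cert) -> DbRecord:
    """Enrol a user by recording issuer, serial and fingerprint of their cert."""
    return DbRecord(user, cert.issuer, cert.serial, cert.fingerprint())


def weak_check(signer: Cert, record: DbRecord) -> bool:
    """The flawed pattern: any trusted chain plus a matching serial number."""
    return chain_is_trusted(signer) and signer.serial == record.serial


def strong_check(signer: Cert, record: DbRecord) -> bool:
    """Bind the identity to the issuer, the serial and the exact certificate."""
    return (
        chain_is_trusted(signer)
        and signer.issuer == record.issuer
        and signer.serial == record.serial
        and signer.fingerprint() == record.fingerprint
    )


def demo() -> dict:
    """Run both checks against the legitimate cert and a different trusted
    issuer's cert that happens to carry the same serial number."""
    alice = Cert("CN=Corp Root CA", "CN=alice", 4711, b"constructed-der-alice")
    # Constructed: a certificate from the other trusted CA with serial 4711.
    other = Cert("CN=Partner CA", "CN=someone-else", 4711, b"constructed-der-other")
    record = make_record("alice", alice)
    return {
        "weak_legit": weak_check(alice, record),
        "weak_other": weak_check(other, record),
        "strong_legit": strong_check(alice, record),
        "strong_other": strong_check(other, record),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The serial-only check accepts the second certificate because the chain directory trusts its issuer and the serial collides; the stronger check rejects it. In a real deployment the issuer comparison should be against the DER-encoded issuer name rather than a string, and the fingerprint should be taken over the actual DER bytes of the stored certificate.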
Found a problem in the description? Have something to add? Feel free to write to us 👾

Related identifiers

CVE-2004-0004

Affected products

Openca