PT-2005-3792 · Openssl+1 · Openssl+2
Published: 2005-09-16 · Updated: 2024-02-09 · CVE-2005-2946
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OpenSSL versions prior to 0.9.8
Description
The issue is related to the default configuration of OpenSSL, which uses MD5 for creating message digests. This makes it easier for remote attackers to forge certificates with a valid certificate authority signature. The problem arises because MD5 is not a cryptographically strong algorithm, allowing attackers to bypass security restrictions.
Recommendations
For versions prior to 0.9.8, update to a version that uses a more cryptographically strong algorithm for creating message digests. As a temporary workaround, consider configuring OpenSSL to use a stronger algorithm for message digests until a patch is available.
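One way to check for the weak default, as an added example that is not part of the advisory or of OpenSSL's own tooling: a shell function that audits an OpenSSL configuration file for sections whose message digest is set to MD5. It assumes the digest is selected by the `default_md` key of `openssl.cnf`; the sample configuration is constructed, and MD2/MD4 are flagged in addition to the MD5 this advisory names.

```shell
#!/bin/sh
# Added example: report "section:digest" for every default_md set to a weak digest.

audit_default_md() {
    # $1 = path to an OpenSSL configuration file
    awk '
        # Drop comments, then leading and trailing whitespace
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        # Remember the current [ section ] name
        /^\[.*\]$/ {
            sec = $0
            sub(/^\[[ \t]*/, "", sec)
            sub(/[ \t]*\]$/, "", sec)
            next
        }
        # Inspect the digest chosen for this section
        /^default_md[ \t]*=/ {
            val = $0
            sub(/^default_md[ \t]*=[ \t]*/, "", val)
            val = tolower(val)
            name = (sec == "" ? "default" : sec)
            if (val == "md5" || val == "md4" || val == "md2")
                print name ":" val
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real deployment)
sample_cnf() {
cat <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
default_md = md5        # weak setting described in the advisory

[ req ]
default_md = sha256     # stronger digest, not flagged
EOF
}

# Stand-alone run: audit the sample and print the findings
tmp=$(mktemp)
sample_cnf > "$tmp"
audit_default_md "$tmp"
rm -f "$tmp"
```

Point `audit_default_md` at the configuration file your CA or request tooling actually loads; empty output means no section selects a flagged digest explicitly.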
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Asa
Cisco Ios Xr
Openssl