Vulnerability Description
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ietf | Md5 | - |
| Ietf | X.509 Certificate | - |
Related Weaknesses (CWE)
References
- http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certifi
- http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collis
- http://secunia.com/advisories/33826
- http://secunia.com/advisories/34281
- http://secunia.com/advisories/42181
- http://securityreason.com/securityalert/4866
- http://securitytracker.com/id?1024697
- http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.h
- http://www.doxpara.com/research/md5/md5_someday.pdf
- http://www.kb.cert.org/vuls/id/836068Third Party AdvisoryUS Government Resource
- http://www.microsoft.com/technet/security/advisory/961509.mspxMitigationPatchVendor Advisory
- http://www.phreedom.org/research/rogue-ca/
- http://www.securityfocus.com/archive/1/499685/100/0/threaded
- http://www.securityfocus.com/bid/33065
- http://www.ubuntu.com/usn/usn-740-1
FAQ
What is CVE-2004-2761?
CVE-2004-2761 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the sign...
How severe is CVE-2004-2761?
CVE-2004-2761 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2761?
Check the references section above for vendor advisories and patch information. Affected products include: Ietf Md5, Ietf X.509 Certificate.