|
|
CVE Reference: CVE-2004-0004 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0004 |
|
|
Description: The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. |
|
|
CVE Status: Entry |
|
|
References: XF OSVDB 3615 CONFIRM http://www.openca.org/news/CAN-2004-0004.txt CERT-VN 336446 BUGTRAQ BID 9435 |
|
| Return to the previous page. |
