CVE-2004-0004
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/02/2004
Last modified: 03/04/2025
Description
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
Impact
Base Score 2.0: 7.50
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:openca:openca:*:*:*:*:*:*:*:* | | 0.9.1.6 (including) |
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=107427313700554&w=2
- http://www.kb.cert.org/vuls/id/336446
- http://www.openca.org/news/CAN-2004-0004.txt
- http://www.osvdb.org/3615
- http://www.securityfocus.com/bid/9435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14847