CVE-2009-0049
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
07/01/2009
Last modified:
09/04/2025
Description
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:eid:eidlib:*:*:*:*:*:*:*:* | 2.6.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
- http://secunia.com/advisories/34029
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
- http://secunia.com/advisories/34029
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.securityfocus.com/archive/1/499827/100/0/threaded