Rapid7 Vulnerability & Exploit Database

MD5-based Signature in TLS/SSL Server X.509 Certificate

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N) (CVSS v2 base score 5.0)
Published: 08/17/2004
Created: 07/25/2018
Added: 01/05/2009
Modified: 02/13/2015

Description

Multiple weaknesses exist in the MD5 cryptographic hash function that make it insecure for signing X.509 certificates. A CA signs only the MD5 digest of the certificate body (the tbsCertificate), so an attacker who can produce two certificate bodies with the same digest obtains a valid CA signature on both, including one the CA never saw. The relevant results are:

  • In August 2004, Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu published the results of a practical collision attack on MD5.
  • In October 2006, Marc Stevens, Arjen K. Lenstra, and Benne de Weger produced a pair of colliding X.509 certificates for different identities. The method used to produce them was later published in the EuroCrypt 2007 proceedings ("Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities") and described as one practical application of chosen-prefix collision attacks.
  • In December 2008, a larger team of security researchers used this attack to create a rogue CA certificate, chained to a commercial CA that was still issuing MD5-signed certificates, allowing them to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Any certificate in the chain with an MD5-based signature, not only the leaf, is therefore a finding.

Solution(s)

  • fix-tls-server-cert-sig-alg-md5: reissue the server certificate (and any intermediate or root certificate in the served chain) with a SHA-2 based signature such as sha256WithRSAEncryption, and deploy the new chain on the TLS server.
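The check behind this finding, as an added example rather than Rapid7's own scanner logic: walk the DER structure of a certificate and read the signatureAlgorithm OID of the outer Certificate together with the signature field inside tbsCertificate (RFC 5280 requires the two to match), then compare against a table of broken digests. The DER walker is pure Python with no third-party packages, so it runs offline. The certificate it checks is a constructed skeleton built in the same block (unsigned, with a zeroed signature value), not a real server certificate; the inclusion of sha1WithRSAEncryption in the weak-OID table is an assumption that goes beyond the MD5 finding on this page.

```python
"""Flag X.509 certificates whose signature uses MD5 or another broken digest.
Added example with a pure-Python DER walker. The certificate checked below is a
constructed skeleton, not a real certificate; feed real PEM/DER from
`openssl s_client -showcerts` to check_certificate() for live use."""
import base64
import re

# signatureAlgorithm OIDs a scanner should flag. sha1WithRSAEncryption is an
# assumption beyond the page's MD5 finding (chosen-prefix collisions exist for it too).
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.3.14.3.2.3": "md5WithRSA (OIW)",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
TAG_SEQ, TAG_INT, TAG_OID, TAG_NULL, TAG_BITS, TAG_VERSION = 0x30, 0x02, 0x06, 0x05, 0x03, 0xA0


def der_read(buf, pos=0):
    """Read one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split a constructed type's payload into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def oid_decode(raw):
    """DER OID contents -> dotted string (first byte packs the first two arcs)."""
    first = raw[0]
    arcs = ["2", str(first - 80)] if first >= 80 else [str(first // 40), str(first % 40)]
    n = 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(str(n))
            n = 0
    return ".".join(arcs)


def pem_to_der(cert):
    """Accept PEM text/bytes or raw DER bytes; return DER bytes."""
    if isinstance(cert, bytes) and not cert.startswith(b"-----"):
        return cert
    text = cert.decode() if isinstance(cert, bytes) else cert
    return base64.b64decode("".join(re.sub(r"-----[^-]+-----", "", text).split()))


def signature_algorithms(cert_der):
    """Return (outer, inner) OIDs: Certificate.signatureAlgorithm and
    tbsCertificate.signature, which RFC 5280 4.1.2.3 requires to be equal."""
    tag, cert, _ = der_read(cert_der)
    if tag != TAG_SEQ:
        raise ValueError("not a DER-encoded Certificate")
    (_, tbs), (_, outer_algid), _sig = der_children(cert)[:3]
    fields = der_children(tbs)
    if fields[0][0] == TAG_VERSION:         # optional [0] EXPLICIT version
        fields = fields[1:]
    (_, inner_algid) = fields[1]            # fields[0] is serialNumber
    outer = oid_decode(der_children(outer_algid)[0][1])
    inner = oid_decode(der_children(inner_algid)[0][1])
    return outer, inner


def check_certificate(cert):
    """Return findings for one certificate; an empty list means nothing to flag."""
    outer, inner = signature_algorithms(pem_to_der(cert))
    findings = []
    if outer != inner:                      # a mismatch is itself a red flag
        findings.append(f"signatureAlgorithm {outer} != tbsCertificate.signature {inner}")
    for oid in sorted({outer, inner}):
        if oid in WEAK_SIGNATURE_OIDS:
            findings.append(f"weak signature algorithm {oid} ({WEAK_SIGNATURE_OIDS[oid]})")
    return findings


# --- constructed sample input: a skeleton, not a real or validly signed certificate ---
def der(tag, payload):
    """Minimal DER TLV encoder (short and long length forms)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def oid_encode(dotted):
    """Dotted OID string -> DER contents (base-128 arcs, high bit = continue)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def build_skeleton_cert(sig_oid, tbs_sig_oid=None):
    """Certificate skeleton with the given AlgorithmIdentifiers and a zeroed signature."""
    algid = lambda o: der(TAG_SEQ, der(TAG_OID, oid_encode(o)) + der(TAG_NULL, b""))
    tbs = der(TAG_SEQ, der(TAG_VERSION, der(TAG_INT, b"\x02"))   # version v3
               + der(TAG_INT, b"\x01")                          # serialNumber
               + algid(tbs_sig_oid or sig_oid)                  # signature
               + der(TAG_SEQ, b""))                              # issuer (empty Name)
    return der(TAG_SEQ, tbs + algid(sig_oid) + der(TAG_BITS, bytes(33)))


def to_pem(der_bytes):
    b64 = base64.b64encode(der_bytes).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"
```

For a live server, save the chain with `openssl s_client -connect host:443 -showcerts` and pass each PEM block to check_certificate(); the function flags the intermediate and root certificates the same way as the leaf, which matters because the 2008 rogue CA was an intermediate. The OID mismatch check is kept separate from the weak-digest check because a certificate whose outer signatureAlgorithm says SHA-256 while the signed body says MD5 is malformed and should fail rather than pass on the outer value alone.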
