Vulnerability Note VU#336446
OpenCA libCheckSignature function fails to properly verify the signature of certificates
OpenCA may accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA.
The OpenCA PKI Development Project is a Certification Authority. A vulnerability exists in the way the libCheckSignature function compares the certificate in the database and the certificate of the signer.
From the OpenCA Security Advisory:
of a signature if the chain of the signature can create a trust relationship to the chain directory of OpenCA and a certificate with a matching serial exists in the used PKI.
See the OpenCA Security Advisory for further details.
OpenCA may accept the signature of a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This could allow a certificate from another PKI to authorize operations on the used PKI.
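The acceptance condition described above, modelled as an added example (not OpenCA's code and not taken from the advisory): a serial-only lookup beside a check that requires the signer to be the exact certificate stored in the database. The `Cert` class, the issuer names, the `chain_trusted` stand-in and the stricter check are assumptions made for illustration; the stricter check is one possible hardening, not the vendor's fix.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str   # issuer distinguished name
    serial: int
    der: bytes    # stand-in for the DER-encoded certificate

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


# Constructed sample data; all names below are hypothetical.
LOCAL_ISSUER = "CN=Local PKI CA"
CHAIN_DIR_ISSUERS = {LOCAL_ISSUER, "CN=Other PKI CA"}  # CAs the chain directory trusts
DATABASE = {7: Cert(LOCAL_ISSUER, 7, b"local operator certificate")}


def chain_trusted(signer: Cert) -> bool:
    # Stand-in for real path validation against the chain directory.
    return signer.issuer in CHAIN_DIR_ISSUERS


def serial_only_check(signer: Cert) -> bool:
    """Condition as the advisory states it: trusted chain plus a matching serial."""
    return chain_trusted(signer) and signer.serial in DATABASE


def full_match_check(signer: Cert) -> bool:
    """Stricter form: the signer must be the exact certificate stored for that serial."""
    stored = DATABASE.get(signer.serial)
    if stored is None or not chain_trusted(signer):
        return False
    return (signer.issuer == stored.issuer
            and hmac.compare_digest(signer.fingerprint(), stored.fingerprint()))


local = DATABASE[7]
other_pki = Cert("CN=Other PKI CA", 7, b"certificate issued by another PKI")

if __name__ == "__main__":
    for name, cert in (("local", local), ("other PKI", other_pki)):
        print(name, serial_only_check(cert), full_match_check(cert))
```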
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| OpenCA | Affected | - | 19 Jan 2004 |
Thanks to OpenCA for the information contained in their security advisory. OpenCA credits Alexandru Matei for discovering this vulnerability.
This document was written by Damon Morda.
- CVE IDs: CAN-2004-0004
- Date Public: 16 Jan 2004
- Date First Published: 19 Jan 2004
- Date Last Updated: 22 Jan 2004
- Severity Metric: 1.69
- Document Revision: 15