| VID |
21379 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the remote OpenCA installation has a signature verification bypass vulnerability. OpenCA is a Certification Authority security project for authenticating user credentials. OpenCA versions prior to 0.9.1.7 could allow a remote attacker to bypass signature verification, caused by a flaw in the 'libCheckSignature' function in the 'crypto-utils.lib' library. This vulnerability allows a remote attacker to gain unauthorized access to an application using OpenCA by using an invalid and expired certificate.
* Note: This check relies solely on the version number of the remote OpenCA on the web server to assess this vulnerability, so this might be a false positive.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=3615 http://www.kb.cert.org/vuls/id/336446
* Platforms Affected: OpenCA, OpenCA prior to 0.9.1.7; Any operating system, Any version |
| Recommendation |
Upgrade to the latest version of OpenCA (0.9.1.7 or later), which fixes this vulnerability. It is available from the OpenCA Web site: http://sourceforge.net/projects/openca/ |
| Related URL |
CVE-2004-0004 (CVE) |
| Related URL |
9435 (SecurityFocus) |
| Related URL |
14847 (ISS) |
|