| Field | Value |
| --- | --- |
| VID | 21439 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | OpenCA, according to its version number, allows an attacker to bypass signature verification. OpenCA is a Certification Authority security project for authenticating user credentials. OpenCA versions 0.9.1.3 and earlier contain multiple flaws that may allow revoked or expired certificates to be accepted as valid. The vulnerabilities are caused by errors in the regular expressions in "OpenCA::PKCS7", and in the "crypto-utils.lib" library when creating X.509 objects and when checking the serials of certificates used for creating a PKCS#7 signature. A remote or local attacker could exploit this vulnerability by using a revoked or expired certificate to gain unauthorized access to an application using OpenCA. |
| Note | This check relies solely on the version number of the remote OpenCA program to assess this vulnerability, so it may be a false positive. |
| References | http://archives.neohapsis.com/archives/bugtraq/2004-01/0125.html ; http://www.osvdb.org/displayvuln.php?osvdb_id=2884 ; http://secunia.com/advisories/10324 |
| Platforms Affected | OpenCA 0.9.1.3 and earlier; any operating system; any version |
| Recommendation | Upgrade to the latest version of OpenCA (0.9.1.4 or later), available from the OpenCA Web site at http://sourceforge.net/projects/openca/ |
| Related URL | CVE-2003-0960 (CVE) |
| Related URL | 9123 (SecurityFocus) |
| Related URL | 13861 (ISS) |