Description
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
References
- US Government Resource
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- US Government Resource
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 0.9.1.6
cpe:2.3:a:openca:openca:*:*:*:*:*:*:*:*
EPSS: 0.00983 (Low), percentile: 76%
CVSS2: 7.5 High
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
more than 3 years ago
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.