CVE-2004-2761

CRITICAL

Ietf Md5 - Cryptographic Issue

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2761. PoCs published by Dan Kaminsky.

AI-analyzed exploit summary This is a writeup describing the theoretical MD5 hash collision vulnerability (CVE-2004-2761), explaining how attackers could create differing inputs with identical MD5 fingerprints, potentially bypassing integrity checks. It does not contain executable exploit code.

Description

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dan Kaminsky · textdosmultiple
https://www.exploit-db.com/exploits/24807

This is a writeup describing the theoretical MD5 hash collision vulnerability (CVE-2004-2761), explaining how attackers could create differing inputs with identical MD5 fingerprints, potentially bypassing integrity checks. It does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Systems using MD5 for cryptographic verification
No auth needed
Prerequisites: Access to a system relying on MD5 for integrity checks
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (26)

Core 26
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33065
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0837.html
Various Sources x_refsource_misc
http://www.phreedom.org/research/rogue-ca/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/836068
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4866
Various Sources x_refsource_misc
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33826
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34281
Mitigation, Patch, Vendor Advisory x_refsource_misc
http://www.microsoft.com/technet/security/advisory/961509.mspx
Various Sources x_refsource_misc
http://www.doxpara.com/research/md5/md5_someday.pdf
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0838.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-740-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024697
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499685/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42181
Various Sources x_refsource_misc
http://www.win.tue.nl/hashclash/rogue-ca/
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=648886

Scores

CVSS v3 9.8
EPSS 0.0985
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-310 CWE-328
Status published
Products (1)
ietf/md5
Published Jan 05, 2009
Tracked Since Feb 18, 2026