Description
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Dan Kaminsky · textdosmultiple
https://www.exploit-db.com/exploits/24807
References (26)
Core 26
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-740-1
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33065
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0837.html
Various Sources x_refsource_misc
http://www.phreedom.org/research/rogue-ca/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/836068
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4866
Various Sources x_refsource_misc
http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
Various Sources x_refsource_misc
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33826
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34281
Mitigation, Patch, Vendor Advisory x_refsource_misc
http://www.microsoft.com/technet/security/advisory/961509.mspx
Various Sources x_refsource_misc
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
Various Sources x_refsource_misc
http://www.doxpara.com/research/md5/md5_someday.pdf
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0838.html
Various Sources x_refsource_misc
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024697
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499685/100/0/threaded
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42181
Various Sources x_refsource_misc
http://www.win.tue.nl/hashclash/rogue-ca/
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=648886
Scores
EPSS
0.0623
EPSS Percentile
90.9%
Details
CWE
CWE-310
Status
published
Products (1)
ietf/md5
Published
Jan 05, 2009
Tracked Since
Feb 18, 2026