CVE-2005-2946
HIGHOpenSSL < 0.9.8 - Use of a Broken or Risky Cryptographic Algorithm
Title source: llmDescription
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
References (3)
Core 3
Core References
Broken Link, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.ubuntu.com/show_bug.cgi?id=13593
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-179-1
Broken Link x_refsource_misc
http://www.cits.rub.de/MD5Collisions/
Scores
CVSS v3
7.5
EPSS
0.0019
EPSS Percentile
40.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-327
Status
published
Products (3)
canonical/ubuntu_linux
4.10
canonical/ubuntu_linux
5.04
openssl/openssl
< 0.9.8
Published
Sep 16, 2005
Tracked Since
Feb 18, 2026