Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0004


Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0004
Last Modified 05 Sep 2008 04:37:16
Published 17 Feb 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The libCheckSignature function in crypto-utils.lib for OpenCA and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

Vulnerable Systems


  • Openca


CERT-VN - VU#336446

BID - 9435


XF - openca-improper-signature-verification(14847)

OSVDB - 3615

BUGTRAQ - 20040116 [OpenCA Advisory] Vulnerability in signature verification

Last Updated: 27 May 2016 10:38:26