Upstream information

CVE-2004-2761 at MITRE

Description

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Note from the SUSE Security Team

This algorithm weakness has been acknowledged and should lead to this algorithm no longer being used. We have been working on phasing out use of MD5 from our products for some years and continue to do so where it is not yet done.

SUSE Bugzilla entry: 1074631 [RESOLVED / NORESPONSE]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 01:42:26 2013
CVE page last modified: Fri Oct 7 12:45:29 2022