Wed, Dec 31 2008 9:00
Don
Rogue MD5 SSL Certificate Vulnerability
US-CERT is aware of a public report
describing how MD5 collisions can be leveraged to generate rogue SSL CA
certificates. A rogue CA certificate could be used by an attacker to
generate valid SSL certificates for arbitrary web sites. Using these
certificates in DNS redirection attacks, an attacker could spoof an SSL
protected web site and obtain sensitive information.
US-CERT will provide additional information as it becomes available.
http://www.us-cert.gov/current/index.html#md5_hashing_algorithm_vulnerability
Filed under: Alerts