
What to do about this Workaround?

Question asked by Rodrigo Paiva on Apr 16, 2013
Latest reply on Apr 29, 2013 by Patric Fox

Dear All,

Some machines appeared in my scan with Vulnerability Level 2 and showed the information below (there is no vendor reference for it).

Title:
X.509 Certificate MD5 Signature Collision Vulnerability

Results:

NAME    VALUE
Certificate    CN=aeagent at level 0 was signed using md5WithRSAEncryption algorithm which is considered weak.

Solution:

Workaround:

If the certificate is signed using MD5 hash function then a new certificate should be obtained which uses a more collision proof hashing algorithm such as SHA. If the CA of the certificate is signed using MD5 then a different CA should be used which doesn't have this vulnerability.

Cisco ASA appliance Workaround -

Instructions on changing the signing hash for Cisco ASA's self-signed certificates are available at the Cisco Security Response Web page MD5 Hashes May Allow for Certificate Spoofing (http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html).

As I'm checking workstations, the part of Cisco ASA could be discarded.

Exploitability:
Source: The Exploit-DB
Reference: CVE-2004-2761
Description: MD5 Message Digest Algorithm Hash Collision Weakness - The Exploit-DB Ref : 24807
Link: http://www.exploit-db.com/exploits/24807

Any idea for what should be done on this Workaround? What are the steps?

Thanks in advance!


Rodrigo Paiva
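One way to confirm which signature algorithm a certificate actually carries before deciding whether it needs to be reissued with SHA, as an added example that is not part of the original post or of the scanner's output: it walks the DER structure with the standard library only and flags md5WithRSAEncryption. The skeleton certificate it builds is constructed test data (a stub tbsCertificate with only a serial number), not a real certificate, and the OID table covers only the algorithms a scanner commonly reports.

```python
# Signature-algorithm OIDs a scanner commonly reports -> (name, considered weak?)
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}

def _tlv(data, pos):
    """Decode one DER tag-length-value (single-byte tags); return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(raw):
    """OID content bytes -> dotted string, e.g. 1.2.840.113549.1.1.4."""
    parts, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends a sub-identifier
            parts.append(str(value))
            value = 0
    return ".".join(parts)

def signature_algorithm(der):
    """Return (oid, name, is_weak) from the certificate's outer signatureAlgorithm field."""
    _, cert, _ = _tlv(der, 0)               # Certificate ::= SEQUENCE
    _, _, pos = _tlv(cert, 0)               # skip tbsCertificate
    _, alg_id, _ = _tlv(cert, pos)          # signatureAlgorithm ::= AlgorithmIdentifier
    tag, oid_raw, _ = _tlv(alg_id, 0)       # its first element is the OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    oid = _decode_oid(oid_raw)
    name, weak = SIG_ALGS.get(oid, (oid, None))   # None = unknown, review manually
    return oid, name, weak

def _der(tag, body):                        # short-form lengths suffice for the test data
    return bytes([tag, len(body)]) + body

MD5_RSA = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"      # md5WithRSAEncryption
SHA256_RSA = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"   # sha256WithRSAEncryption

def skeleton_cert(sig_oid):
    """Constructed test certificate: stub tbsCertificate + AlgorithmIdentifier + BIT STRING."""
    tbs = _der(0x30, b"\x02\x01\x01")                 # placeholder tbsCertificate (serial only)
    alg = _der(0x30, sig_oid + b"\x05\x00")           # AlgorithmIdentifier with NULL parameters
    sig = _der(0x03, b"\x00" + b"\xaa" * 16)          # BIT STRING, 0 unused bits, dummy value
    return _der(0x30, tbs + alg + sig)
```

For a real certificate, feed `signature_algorithm()` the bytes of a DER file (e.g. one converted with `openssl x509 -in cert.pem -outform DER`); a result of `md5WithRSAEncryption` is exactly the condition the scanner flags, and the fix is reissuing the certificate (or switching CA) with a SHA-family signature.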
