Is the SCSP Manager susceptible to the Certificate Signature Collision Vulnerability?

Article ID: 157428

Products

Critical System Protection

Issue/Introduction

You wish to know if the SCSP Manager is susceptible to the IETF X.509 Certificate Signature Collision Vulnerability (CVE-2004-2761).

Cause

This issue affects SSL certificates that are signed using the MD5 hashing algorithm.

Resolution

SCSP has used the SHA1 hashing algorithm since version 5.2.4. Any installation made since that version is therefore secure. However, a manager that has been upgraded from an earlier version, such as 5.0.x or 5.1.x, retains its original certificates. To find out whether a manager still has such a certificate, check the certificate's signing algorithm as described in HOWTO59835. An unsupported procedure to generate a new SHA1-compliant self-signed certificate key pair can be found in HOWTO83315.