Is the SCSP Manager susceptible to the Certificate Signature Collision Vulnerability?


Article ID: 157428


Updated On:


Critical System Protection


You wish to know if the SCSP Manager is susceptible to the IETF X.509 Certificate Signature Collision Vulnerability (CVE-2004-2761).


This issue affects SSL certificates whose signatures were generated with the MD5 hashing algorithm.


SCSP has used the SHA1 hashing algorithm since version 5.2.4. Any installation made since that version is therefore secure. However, a manager that has been upgraded from an earlier version, such as 5.0.x or 5.1.x, retains its original certificates. Whether a manager still has such a certificate can be verified by checking the signing algorithm according to HOWTO59835. An unsupported procedure to generate a new SHA1-compliant self-signed certificate key pair can be found in HOWTO83315.