The default configuration on OpenSSL prior to 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote malicious users to forge certificates with a valid certificate authority signature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl |
||
canonical ubuntu linux 4.10 |
||
canonical ubuntu linux 5.04 |