What is the severity of CVE-2005-2946?

CVE-2005-2946 is considered a high severity vulnerability due to the potential for certificate forgery.

How do I fix CVE-2005-2946?

To fix CVE-2005-2946, upgrade OpenSSL to version 0.9.8 or later where a stronger hashing algorithm is used.

Which versions of OpenSSL are affected by CVE-2005-2946?

CVE-2005-2946 affects OpenSSL versions earlier than 0.9.8, including all versions from 0.9.1c to 0.9.7g.

What type of attack is associated with CVE-2005-2946?

CVE-2005-2946 can enable remote attackers to forge certificates, thereby potentially compromising secure communications.

Is there a workaround for CVE-2005-2946 if I cannot update OpenSSL?

If updating is not an option, consider using external validation of certificates to reduce risk, but the best solution remains to upgrade to a secure version.

Vulnerability/
CVE-2005-2946

high

7.5

CWE

310 327

16/9/2005

7/8/2024

CVE-2005-2946

First published: Fri Sep 16 2005(Updated: )

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
OpenSSL libcrypto	=0.9.1c
OpenSSL libcrypto	=0.9.2b
OpenSSL libcrypto	=0.9.3
OpenSSL libcrypto	=0.9.3a
OpenSSL libcrypto	=0.9.4
OpenSSL libcrypto	=0.9.5
OpenSSL libcrypto	=0.9.5-beta1
OpenSSL libcrypto	=0.9.5-beta2
OpenSSL libcrypto	=0.9.5a
OpenSSL libcrypto	=0.9.5a-beta1
OpenSSL libcrypto	=0.9.5a-beta2
OpenSSL libcrypto	=0.9.6
OpenSSL libcrypto	=0.9.6-beta1
OpenSSL libcrypto	=0.9.6-beta2
OpenSSL libcrypto	=0.9.6-beta3
OpenSSL libcrypto	=0.9.6a
OpenSSL libcrypto	=0.9.6a-beta1
OpenSSL libcrypto	=0.9.6a-beta2
OpenSSL libcrypto	=0.9.6a-beta3
OpenSSL libcrypto	=0.9.6b
OpenSSL libcrypto	=0.9.6c
OpenSSL libcrypto	=0.9.6d
OpenSSL libcrypto	=0.9.6e
OpenSSL libcrypto	=0.9.6f
OpenSSL libcrypto	=0.9.6g
OpenSSL libcrypto	=0.9.6h
OpenSSL libcrypto	=0.9.6i
OpenSSL libcrypto	=0.9.6j
OpenSSL libcrypto	=0.9.6k
OpenSSL libcrypto	=0.9.6l
OpenSSL libcrypto	=0.9.6m
OpenSSL libcrypto	=0.9.7
OpenSSL libcrypto	=0.9.7-beta1
OpenSSL libcrypto	=0.9.7-beta2
OpenSSL libcrypto	=0.9.7-beta3
OpenSSL libcrypto	=0.9.7-beta4
OpenSSL libcrypto	=0.9.7-beta5
OpenSSL libcrypto	=0.9.7-beta6
OpenSSL libcrypto	=0.9.7a
OpenSSL libcrypto	=0.9.7b
OpenSSL libcrypto	=0.9.7c
OpenSSL libcrypto	=0.9.7d
OpenSSL libcrypto	=0.9.7e
OpenSSL libcrypto	=0.9.7f
OpenSSL libcrypto	=0.9.7g
OpenSSL libcrypto	<0.9.8
Ubuntu Linux	=4.10
Ubuntu Linux	=5.04

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2946?
CVE-2005-2946 is considered a high severity vulnerability due to the potential for certificate forgery.
How do I fix CVE-2005-2946?
To fix CVE-2005-2946, upgrade OpenSSL to version 0.9.8 or later where a stronger hashing algorithm is used.
Which versions of OpenSSL are affected by CVE-2005-2946?
CVE-2005-2946 affects OpenSSL versions earlier than 0.9.8, including all versions from 0.9.1c to 0.9.7g.
What type of attack is associated with CVE-2005-2946?
CVE-2005-2946 can enable remote attackers to forge certificates, thereby potentially compromising secure communications.
Is there a workaround for CVE-2005-2946 if I cannot update OpenSSL?
If updating is not an option, consider using external validation of certificates to reduce risk, but the best solution remains to upgrade to a secure version.

agent/type
agent/author
agent/severity
agent/weakness
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/openssl
canonical/openssl libcrypto
version/openssl libcrypto/0.9.1c
version/openssl libcrypto/0.9.2b
version/openssl libcrypto/0.9.3
version/openssl libcrypto/0.9.3a
version/openssl libcrypto/0.9.4
version/openssl libcrypto/0.9.5
version/openssl libcrypto/0.9.5-beta1
version/openssl libcrypto/0.9.5-beta2
version/openssl libcrypto/0.9.5a
version/openssl libcrypto/0.9.5a-beta1
version/openssl libcrypto/0.9.5a-beta2
version/openssl libcrypto/0.9.6
version/openssl libcrypto/0.9.6-beta1
version/openssl libcrypto/0.9.6-beta2
version/openssl libcrypto/0.9.6-beta3
version/openssl libcrypto/0.9.6a
version/openssl libcrypto/0.9.6a-beta1
version/openssl libcrypto/0.9.6a-beta2
version/openssl libcrypto/0.9.6a-beta3
version/openssl libcrypto/0.9.6b
version/openssl libcrypto/0.9.6c
version/openssl libcrypto/0.9.6d
version/openssl libcrypto/0.9.6e
version/openssl libcrypto/0.9.6f
version/openssl libcrypto/0.9.6g
version/openssl libcrypto/0.9.6h
version/openssl libcrypto/0.9.6i
version/openssl libcrypto/0.9.6j
version/openssl libcrypto/0.9.6k
version/openssl libcrypto/0.9.6l
version/openssl libcrypto/0.9.6m
version/openssl libcrypto/0.9.7
version/openssl libcrypto/0.9.7-beta1
version/openssl libcrypto/0.9.7-beta2
version/openssl libcrypto/0.9.7-beta3
version/openssl libcrypto/0.9.7-beta4
version/openssl libcrypto/0.9.7-beta5
version/openssl libcrypto/0.9.7-beta6
version/openssl libcrypto/0.9.7a
version/openssl libcrypto/0.9.7b
version/openssl libcrypto/0.9.7c
version/openssl libcrypto/0.9.7d
version/openssl libcrypto/0.9.7e
version/openssl libcrypto/0.9.7f
version/openssl libcrypto/0.9.7g
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/4.10
version/ubuntu linux/5.04

Frequently Asked Questions

What is the severity of CVE-2005-2946?
CVE-2005-2946 is considered a high severity vulnerability due to the potential for certificate forgery.
How do I fix CVE-2005-2946?
To fix CVE-2005-2946, upgrade OpenSSL to version 0.9.8 or later where a stronger hashing algorithm is used.
Which versions of OpenSSL are affected by CVE-2005-2946?
CVE-2005-2946 affects OpenSSL versions earlier than 0.9.8, including all versions from 0.9.1c to 0.9.7g.
What type of attack is associated with CVE-2005-2946?
CVE-2005-2946 can enable remote attackers to forge certificates, thereby potentially compromising secure communications.
Is there a workaround for CVE-2005-2946 if I cannot update OpenSSL?
If updating is not an option, consider using external validation of certificates to reduce risk, but the best solution remains to upgrade to a secure version.

CVE-2005-2946

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2946?

How do I fix CVE-2005-2946?

Which versions of OpenSSL are affected by CVE-2005-2946?

What type of attack is associated with CVE-2005-2946?

Is there a workaround for CVE-2005-2946 if I cannot update OpenSSL?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2005-2946?

How do I fix CVE-2005-2946?

Which versions of OpenSSL are affected by CVE-2005-2946?

What type of attack is associated with CVE-2005-2946?

Is there a workaround for CVE-2005-2946 if I cannot update OpenSSL?