Executive Summary

Title: Research proves feasibility of collision attacks against MD5
Name: KB961509
Vendor: Microsoft
Severity (Vendor): N/A
First vendor publication: 2008-12-30
Last vendor modification: 1970-01-01
Revision: 1.0

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA            Environmental score: NA
Impact subscore: NA       Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS base score: 5        Attack range: Network
CVSS impact score: 2.9    Attack complexity: Low
CVSS exploit score: 10    Authentication: None required


Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method could allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.

This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information. Microsoft is not aware of any active attacks using this issue and is actively working with certificate authorities to ensure they are aware of this new research and is encouraging them to migrate to the newer SHA-1 signing algorithm.

While this issue is not a vulnerability in a Microsoft product, Microsoft is actively monitoring the situation and has worked with affected Certificate Authorities to keep customers informed and to provide customer guidance as necessary.

Mitigating Factors:

  • Microsoft is not aware of specific attacks against MD5, so previously issued certificates that were signed using MD5 are not affected and do not need to be revoked. This issue only affects certificates being signed using MD5 after the publication of the attack method.
  • Most public Certificate Authority roots no longer use MD5 to sign certificates, but have upgraded to the more secure SHA-1 algorithm. Customers should contact their issuing Certificate Authority for guidance.
  • When visited, Web sites that use Extended Validation (EV) certificates show a green address bar in most modern browsers. These certificates are always signed using SHA-1 and as such are not affected by this newly reported research.

General Information


Purpose of Advisory: To assist customers in assessing the impact of this research announcement on their current certificate deployments.

Advisory Status: Issue Confirmed. No Security Update Planned.

Recommendation: Review the suggested actions and configure as appropriate.

Microsoft Knowledge Base Article: 961509

This advisory discusses the following software.

Affected Software

Frequently Asked Questions

What is the scope of the advisory?
This advisory aims to assist consumers in assessing the risk of certain applications using X.509 digital certificates and to recommend that administrators and certificate authorities cease using MD5 as an algorithm to sign digital certificates.

Is this a security vulnerability that requires Microsoft to issue a security update?
No. Technologies that use a signing mechanism other than MD5 have been available for some time, and the use of MD5 as a hashing algorithm for signing purposes has been discouraged and is no longer a best practice. Microsoft will however evaluate any opportunities to strengthen technologies to detect fraudulent certificates. Although this is not a vulnerability in a Microsoft product, Microsoft is issuing this advisory to help clarify the actual risk involved to customers.

What causes this threat?
The root cause of the problem is a known weakness of the MD5 algorithm which exposes it to collision attacks. Such attacks would allow an attacker to generate additional certificates that have the same digital signature as an original. These issues are well understood and the use of MD5 for specific purposes that require resistance against these attacks has been discouraged. However, these attacks have up until recently been considered difficult to implement. Recent research has now proven that collision attacks are feasible. At Microsoft, the Security Development Lifecycle has required Microsoft to no longer use the MD5 algorithm as a default in Microsoft software.

What might an attacker use this attack to do?
An attacker could apply these attacks to fraudulently appear to a user as a legitimate, signed Web site or to send fraudulently signed e-mail. However, the techniques to perform these attacks and the underlying cryptography that facilitates them were not released by the researchers. Attacks would be very unlikely to be implemented at this point in time.

Suggested Actions

  • Review the Microsoft Knowledge Base Article that is associated with this advisory

    Customers who are interested in learning more about the topic covered in this advisory should review Microsoft Knowledge Base Article 961509.

  • Keep Windows Updated

    All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

  • Do not sign digital certificates with MD5

    Certificate Authorities should no longer sign newly generated certificates using the MD5 algorithm, as it is known to be prone to collision attacks. Several alternative and more secure technologies are available, including SHA-1, SHA-256, SHA-384 or SHA-512.

    Impact of action: Older hardware-based solutions may require upgrading to support these newer technologies.
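A certificate-chain check of the kind the Nessus ssl_weak_hash plugins listed on this page perform, added here as an example (not code from the advisory or from security-database.com): it reads the signatureAlgorithm OID straight from the DER encoding and reports which chain members were signed with md5WithRSAEncryption. The tiny DER encoder and the sample certificates are constructed stand-ins, not real certificates; only the OIDs and DER tags are real.

```python
# Added example (not the advisory's or security-database.com's code); sample certs are constructed.
def der_tlv(buf, pos=0):
    """Return (tag, contents, next_pos) for the DER TLV at pos (definite lengths only)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode DER OID contents into dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40] if raw[0] < 80 else [2, raw[0] - 80]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                       # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

SIG_ALGS = {                                   # signature-algorithm OIDs, RFC 3279 / RFC 4055
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def cert_signature_algorithm(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, cert, _ = der_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, _, pos = der_tlv(cert)                  # skip tbsCertificate
    _, alg, _ = der_tlv(cert, pos)             # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = der_tlv(alg)                 # first element is the algorithm OID (tag 0x06)
    dotted = decode_oid(oid)
    return SIG_ALGS.get(dotted, dotted)        # unknown OIDs are returned in dotted form

def weak_certs_in_chain(chain):
    """Indices of chain members (0 = leaf) signed with md5WithRSAEncryption."""
    return [i for i, c in enumerate(chain) if cert_signature_algorithm(c) == "md5WithRSAEncryption"]
def der(tag, content):                         # tiny short-form DER encoder for the samples
    return bytes([tag, len(content)]) + content

def sample_cert(oid_contents):
    """Constructed, structurally minimal certificate: placeholder body, dummy signature."""
    alg = der(0x30, der(0x06, oid_contents) + der(0x05, b""))    # OID + NULL parameters
    return der(0x30, der(0x30, der(0x02, b"\x01")) + alg + der(0x03, b"\x00\xAA\xAA"))
MD5_RSA = bytes.fromhex("2a864886f70d010104")       # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")    # 1.2.840.113549.1.1.11
```

Running `weak_certs_in_chain` over the certificates a TLS server presents (leaf first) gives the same "signed using a weak hash" finding as the scanner plugins, without needing a TLS library.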

Original Source

Url : http://www.microsoft.com/technet/security/advisory/961509.mspx

CWE : Common Weakness Enumeration

Weight  Id       Name
100 %   CWE-310  Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13231
Oval ID: oval:org.mitre.oval:def:13231
Title: USN-740-1 -- nss, firefox vulnerability
Description: The MD5 algorithm is known not to be collision resistant
Family: unix Class: patch
Reference(s): USN-740-1
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): nss
Definition Synopsis:

CPE : Common Platform Enumeration

Application 1

OpenVAS Exploits

Date Description
2009-03-20 Name : Ubuntu USN-735-1 (gst-plugins-base0.10)
File : nvt/ubuntu_735_1.nasl
2009-03-20 Name : Ubuntu USN-736-1 (gst-plugins-good0.10)
File : nvt/ubuntu_736_1.nasl
2009-03-20 Name : Ubuntu USN-737-1 (libsoup)
File : nvt/ubuntu_737_1.nasl
2009-03-20 Name : Ubuntu USN-739-1 (amarok)
File : nvt/ubuntu_739_1.nasl
2009-03-20 Name : Ubuntu USN-740-1 (firefox)
File : nvt/ubuntu_740_1.nasl
2009-02-10 Name : Fedora Core 9 FEDORA-2009-1276 (nss)
File : nvt/fcore_2009_1276.nasl
2009-02-10 Name : Fedora Core 10 FEDORA-2009-1291 (nss)
File : nvt/fcore_2009_1291.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45127 MD5 Algorithm Hash Function Collision Weakness

Nessus® Vulnerability Scanner

Date Description
2016-12-08 Name : A known CA SSL certificate in the certificate chain has been signed using a w...
File : ssl_weak_hash_ca.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1291.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-740-1.nasl - Type : ACT_GATHER_INFO
2009-02-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1276.nasl - Type : ACT_GATHER_INFO
2009-01-05 Name : An SSL certificate in the certificate chain has been signed using a weak hash...
File : ssl_weak_hash.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2016-12-09 13:25:25
  • Multiple Updates
2014-02-17 11:38:47
  • Multiple Updates