Vulnerability   
Search   
    Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.803007
Category:Windows
Title:Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
Summary:Microsoft Windows operating system is prone to digital certificate key length spoofing vulnerability.
Description:Summary:
Microsoft Windows operating system is prone to digital certificate key length spoofing vulnerability.

Vulnerability Insight:
The private keys used in digital certificate with RSA keys less than 1024
bits in length can be derived and could allow an attacker to duplicate the
certificates. An duplicate certificate could be used to spoof content,
perform phishing attacks, or perform man-in-the-middle attacks.

Vulnerability Impact:
Successful exploitation will allow remote attackers to spoof content, perform
phishing attacks or perform man-in-the-middle attacks.

Affected Software/OS:
- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows XP x64 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2025 E-Soft Inc. All rights reserved.