High severity7.5NVD Advisory· Published Sep 16, 2005· Updated Jun 16, 2026
CVE-2005-2946
CVE-2005-2946
Description
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <0.9.8
- (no CPE)range: <0.9.8
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- www.ubuntu.com/usn/usn-179-1nvdVendor Advisory
- bugzilla.ubuntu.com/show_bug.cginvdBroken LinkIssue TrackingVendor Advisory
- www.cits.rub.de/MD5Collisions/nvdBroken Link
News mentions
0No linked articles in our index yet.