High severity7.5NVD Advisory· Published Sep 16, 2005· Updated Apr 16, 2026

CVE-2005-2946

Description

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

Affected products

OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: <0.9.8
Canonical (company)/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ubuntu.com/usn/usn-179-1nvdVendor Advisory
bugzilla.ubuntu.com/show_bug.cginvdBroken LinkIssue TrackingVendor Advisory
www.cits.rub.de/MD5Collisions/nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000