IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability

IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability

X.509 certificates are prone to a signature-collision attack when signed with the MD5 algorithm. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible.

NOTE: This attack is an extension of the weakness covered in BID 11849 (MD5 Message Digest Algorithm Hash Collision Weakness).