DarkFiber Consulting – IT Managed Services

Rogue MD5 SSL Certificate Vulnerability

December 30th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information.  

DarkFiber Consulting will provide additional information as it becomes available.