Does RCM have any vulnerabilities by using MD5 for referencing objects in the administration console?
Originally Published: 2009-01-14
Article Number
Applies To
RSA Certificate Manager (RCM)
Message-Digest Algorithm (MD5)
Issue
All certificates used in RCM use an MD5 number for reference.
Web sites regarding the MD5 vulnerability:
http://www.win.tue.nl/hashclash/rogue-ca/
http://www.rsa.com/blog/blog_entry.aspx?id=1411
http://broadcast.oreilly.com/2008/12/the-sky-is-not-falling-on-toda.html
Resolution
Since RCM only uses the MD5 hash as a reference number for naming objects in the database, there is no trust chain to exploit in the way demonstrated by the recent MD5 vulnerability.
For information on the MD5 vulnerability with Root CAs, see solution "What algorithm does RCM used to sign the certificates?".
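The distinction drawn in the resolution above, as an added example that is not RSA's code or part of the original article: an MD5 digest used as an object name is checked separately from the hash in a certificate's signature algorithm, which is the field the trust chain depends on. The DER skeleton is constructed sample data, and hashing the whole encoded object to form the reference is an assumption; the article does not say what RCM hashes.

```python
import hashlib

# DER-encoded signature algorithm OIDs from PKCS #1
MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_oid(der):
    """OID bytes of Certificate.signatureAlgorithm (the hash the CA signed with)."""
    _, start, _ = read_tlv(der, 0)             # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)       # skip over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return der[oid_start:oid_end]

def reference_id(der):
    """Assumed lookup key: MD5 of the encoded object, used only as a name."""
    return hashlib.md5(der, usedforsecurity=False).hexdigest()

def md5_in_trust_chain(der):  # True only when the CA signature itself uses MD5
    return signature_oid(der) == MD5_WITH_RSA

def tlv(tag, value):  # DER encoder, used only to build the constructed sample
    n = len(value)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + value

def sample_cert(sig_oid):  # constructed skeleton, not a real certificate
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))   # AlgorithmIdentifier
    tbs = tlv(0x30, tlv(0x02, b"\x01") * 50)               # placeholder tbsCertificate
    sig = tlv(0x03, b"\x00" + b"\xaa" * 16)                # placeholder signature bits
    return tlv(0x30, tbs + alg + sig)

if __name__ == "__main__":
    for oid in (MD5_WITH_RSA, SHA256_WITH_RSA):
        der = sample_cert(oid)
        print(reference_id(der), "MD5-signed:", md5_in_trust_chain(der))
```

Both samples receive an MD5-based reference, but only the one whose signatureAlgorithm is md5WithRSAEncryption is flagged.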