Published:2004/11/19 Last Updated:2008/05/21
JVN#B410A83F
Shuriken Pro3 S/MIME signature verification does not verify the From address
Overview
Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.
Products Affected
- Shuriken Pro3
- Shuriken Pro3 /R.2
- Shuriken Pro3 /R.2 [VeriSign Security Mail Set]
- Shuriken Pro3 Corporate Edition
Description
Impact
A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert the user that the message is forged.
Solution
References
JPCERT/CC Addendum
Credit
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2004-000591 |