Published:2004/11/19  Last Updated:2008/05/21

JVN#B410A83F
Shuriken Pro3 S/MIME signature verification does not verify the From address

Overview

Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.

Products Affected

  • Shuriken Pro3
  • Shuriken Pro3 /R.2
  • Shuriken Pro3 /R.2 [VeriSign Security Mail Set]
  • Shuriken Pro3 Corporate Edition

Description

Impact

A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert the user that the message is forged.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
JustSystems Corporation Vulnerable 2004/12/21

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2004-000591

Update History