Published:2004/12/21 Last Updated:2008/05/21
JVN#B4BE09A4
Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity
Overview
Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message.
Products Affected
- Shuriken Pro3
- Shuriken Pro3 /R.2
- Shuriken Pro3 /R.2 [VeriSign Security Mail Set]
- Shuriken Pro3 Corporate Edition
Description
Impact
A user can not notice a forged message when it is signed with a malicious digital certificate, because the certificate authenticity is not verified.
Solution
References
JPCERT/CC Addendum
Credit
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2004-000592 |