5.9
CVE-2005-4900
- EPSS 0.94%
- Veröffentlicht 14.10.2016 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.562 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://ia.cr/2007/474
http://shattered.io/
http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1
http://www.securityfocus.com/bid/12577
https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/
https://kc.mcafee.com/corporate/index?page=content&id=SB10340
https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
https://sites.google.com/site/itstheshappening
https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html