Does RCM have any vulnerabilities by using MD5 for referencing objects in the administration console?
Originally Published: 2009-01-14
Article Number
Applies To
RSA Certificate Manager (RCM)
Message-Digest Algorithm (MD5)
Issue
All certificates used in RCM use the MD5 number for reference.
Websites regarding the MD5 vulnerability:
http://www.win.tue.nl/hashclash/rogue-ca/
http://www.rsa.com/blog/blog_entry.aspx?id=1411
http://broadcast.oreilly.com/2008/12/the-sky-is-not-falling-on-toda.html
Resolution
Since RCM only uses the MD5 hash as a reference number for naming objects in the database, there is no trust chain to exploit as shown with the recent MD5 vulnerability.
For information on the MD5 vulnerability with Root CAs, see the solution "What algorithm does RCM used to sign the certificates?".