Does RCM have any vulnerabilities by using MD5 for referencing objects in the administration console?
Originally Published: 2009-01-14
Article Number
Applies To
RSA Certificate Manager (RCM)
Message-Digest Algorithm (MD5)
Issue
All certificates used in RCM use an MD5 hash as their reference number.
Web sites regarding MD5 vulnerability:
http://www.win.tue.nl/hashclash/rogue-ca/
http://www.rsa.com/blog/blog_entry.aspx?id=1411
http://broadcast.oreilly.com/2008/12/the-sky-is-not-falling-on-toda.html
Resolution
Since RCM only uses the MD5 hash as a reference number for the naming of objects in the database, there is no trust chain to exploit as shown with the recent MD5 vulnerability.
For information on the MD5 vulnerability with Root CAs, see the solution "What algorithm does RCM used to sign the certificates?".
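The distinction drawn above, as an added example (not RSA's or RCM's code): an MD5 digest used as a lookup key is reported separately from the hash named in a certificate's signature algorithm, which is the field the rogue-CA research concerns. The DER skeletons are constructed and unsigned, and computing the reference over the full DER encoding is an assumption, as are all function names.

```python
import hashlib

# DER AlgorithmIdentifier values (SEQUENCE { OID, NULL }), as hex
MD5_ALG_ID = "300d06092a864886f70d0101040500"     # md5WithRSAEncryption
SHA256_ALG_ID = "300d06092a864886f70d01010b0500"  # sha256WithRSAEncryption
MD5_WITH_RSA_OID = "1.2.840.113549.1.1.4"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length, needed for real certificates
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def decode_oid(body):
    """Decode DER OID content bytes to dotted notation."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Dotted OID of the outer Certificate.signatureAlgorithm field."""
    _, cert_body, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(cert_body, 0)         # skip tbsCertificate
    _, alg_body, _ = read_tlv(cert_body, pos)  # AlgorithmIdentifier
    _, oid_body, _ = read_tlv(alg_body, 0)
    return decode_oid(oid_body)

def audit(cert_der):
    """Report the MD5 reference (lookup key) apart from the signature hash."""
    oid = signature_algorithm_oid(cert_der)
    return {"reference": hashlib.md5(cert_der, usedforsecurity=False).hexdigest(),
            "sig_oid": oid,
            "md5_signed": oid == MD5_WITH_RSA_OID}

def skeleton_cert(alg_id_hex, marker):
    """Constructed, unsigned DER skeleton shaped like an X.509 Certificate."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short form only
    tbs = tlv(0x30, tlv(0x04, marker))         # stand-in for tbsCertificate
    sig = tlv(0x03, b"\x00" + b"\xaa" * 8)     # dummy signature BIT STRING
    return tlv(0x30, tbs + bytes.fromhex(alg_id_hex) + sig)

if __name__ == "__main__":
    for alg in (MD5_ALG_ID, SHA256_ALG_ID):
        print(audit(skeleton_cert(alg, b"constructed")))
```

Only `md5_signed` speaks to the trust chain; `reference` is a database key and is computed with `usedforsecurity=False` to mark it as such.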