### [CVE-2004-2761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2761)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

### POC

#### Reference
- http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
- http://securityreason.com/securityalert/4866
- http://www.phreedom.org/research/rogue-ca/
- http://www.ubuntu.com/usn/usn-740-1
- http://www.win.tue.nl/hashclash/SoftIntCodeSign/
- http://www.win.tue.nl/hashclash/rogue-ca/

#### Github
- https://github.com/ajread4/cve_pull
- https://github.com/alexchen1988011/Windows2012R2SSLzhengshuloudongxiufuzhinan
- https://github.com/chaos198800/Windows-xia-SSL-zheng-shu-zhi-zuo-gong-ju--CVE-2004-2761-lou-dong-xiu-fu