Preview Tool

Cisco Bug: CSCtb70849 - MARS uses MD5 signed certificate instead of SHA1

Last Modified

Jun 30, 2015

Products (1)

  • Cisco Security Monitoring, Analysis and Response System

Known Affected Releases


Description (partial)

The remote service uses an SSL certificate that has been signed using a cryptographically weak 
hashing algorithm - MD2, MD4, or MD5. These algorithms are known to be vulnerable to collision 
attacks. In theory, an attacker could leverage this weakness to generate another certificate with 
the same digital signature, which could allow him to masquerade as the affected service.

Mars devices running 6.x. The SSL certificate of the CSMARS application was signed using weak 
hash algorithms i.e. MD5 instead of SHA1 causing risk of possible security breach due to the 
inherent weaknesses of an MD5 RSA signed certificate.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.