Second note:
based on Adam Young's comments it sounds like even the ability to forge arbitrary MD5 hashes would not be directly exploitable as 1) the MD5 hashes are created by keystone and 2) the hashed value is a PKI token so there's an additional level pf protection. Is this correct?
One note: cve.mitre. org/cgi- bin/cvekey. cgi?keyword= md5
http://
Second note:
based on Adam Young's comments it sounds like even the ability to forge arbitrary MD5 hashes would not be directly exploitable as 1) the MD5 hashes are created by keystone and 2) the hashed value is a PKI token so there's an additional level pf protection. Is this correct?