Description
Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certificate and private key forgery.

Impact Summary: An attacker impersonating a user can cause a service reading
PKCS#12 files to accept forged certificates and private keys with a 1 in 256
probability.

If a service accepting PKCS#12 files is using passwords for authenticating
the received files, the attacker can create unencrypted PKCS#12 files that
use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing
them to craft a file that will be accepted with a 1 in 256 probability.
That would then cause the service to accept a certificate and private key
controlled by the attacker.

The FIPS modules are not affected by this issue, as the affected code is
outside the OpenSSL FIPS module boundary.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenSSL's handling of PKCS#12 files that use Password-Based Message Authentication Code 1 (PBMAC1) does not sufficiently validate the PBMAC1 parameters, so a file that specifies an HMAC key of only one byte is still processed. As a result, a crafted PKCS#12 file can be accepted with a one-in-256 probability, allowing an attacker to embed a forged certificate and private key that the processing application will load as if they were legitimate. The vulnerability does not provide direct code execution but enables impersonation and validation bypass for services that rely on PKCS#12 file authentication.

Affected Systems

The issue applies to the OpenSSL library. The FIPS modules are not affected, because the affected code is outside the OpenSSL FIPS module boundary. No specific product versions are listed, so all releases of OpenSSL that implement PBMAC1 handling are potentially vulnerable.

Risk and Exploitability

The vulnerability’s CVSS score is not publicly disclosed, and an EPSS score is unavailable, but the exploit probability is explicitly quantified as a 1 in 256 chance for the forged file to be accepted. Because the impact is the ability to impersonate a user through a forged certificate and key, the risk is moderate if the application accepts arbitrary PKCS#12 files. The vulnerability is not currently listed in the CISA KEV catalog, and no public exploitation examples are known. The likely attack vector involves supply or upload of a malicious PKCS#12 file to a service that processes such files without additional validation.

Generated by OpenCVE AI on June 9, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of OpenSSL that has applied the fix for proper input validation of PBMAC1 PKCS#12 files.
  • Reconfigure any application to reject PBMAC1‑protected PKCS#12 files or enforce an HMAC key length greater than one byte before processing.
  • Verify the authenticity of PKCS#12 files by checking their source and validating their certificates and keys against trusted values.

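
An added example, not OpenSSL or OpenCVE code: one way to apply the key-length recommendation above before a file reaches the PKCS#12 parser is to read the PBKDF2 keyLength from the PBMAC1 parameters and refuse small values. It assumes definite-length DER, finds the parameters by searching for the PBMAC1 OID bytes (a pre-filter heuristic), and uses an assumed policy floor `MIN_MAC_KEY_LEN`; the function names and the sample structure are constructed for illustration.

```python
PBMAC1_OID = bytes.fromhex("06092a864886f70d01050e")   # 1.2.840.113549.1.5.14
PBKDF2_OID = bytes.fromhex("06092a864886f70d01050c")   # 1.2.840.113549.1.5.12
HMAC_SHA256_OID = bytes.fromhex("06082a864886f70d0209")  # 1.2.840.113549.2.9
MIN_MAC_KEY_LEN = 20  # assumed local policy floor, not a value from the advisory

def read_tlv(buf, pos):  # returns (tag, value_start, value_end), definite lengths only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, pos, pos + length

def pbmac1_key_length(der):
    """keyLength of the first PBMAC1 parameters found, or None if PBMAC1 is absent."""
    at = der.find(PBMAC1_OID)
    if at < 0:
        return None
    _, pos, _ = read_tlv(der, at + len(PBMAC1_OID))     # PBMAC1-params SEQUENCE
    _, pos, _ = read_tlv(der, pos)                      # keyDerivationFunc SEQUENCE
    if der[pos:pos + len(PBKDF2_OID)] != PBKDF2_OID:
        raise ValueError("PBMAC1 without PBKDF2")
    _, pos, end = read_tlv(der, pos + len(PBKDF2_OID))  # PBKDF2-params SEQUENCE
    fields = []
    while pos < end:                       # salt, iterationCount, [keyLength], prf
        tag, start, pos = read_tlv(der, pos)
        fields.append((tag, der[start:pos]))
    if len(fields) < 3 or fields[2][0] != 0x02:
        raise ValueError("keyLength absent")
    return int.from_bytes(fields[2][1], "big", signed=True)

def mac_key_length_ok(der, minimum=MIN_MAC_KEY_LEN):
    try:
        n = pbmac1_key_length(der)
    except (ValueError, IndexError):
        return False                       # malformed parameters: refuse the file
    return n is None or n >= minimum       # None: PBMAC1 not used, check not applicable

def _tlv(tag, body):                       # short-form TLV for the sample below
    return bytes([tag, len(body)]) + body

def sample_mac_algorithm(key_len):  # constructed AlgorithmIdentifier, not a real file
    prf = _tlv(0x30, HMAC_SHA256_OID + b"\x05\x00")
    params = _tlv(0x04, bytes(8)) + _tlv(0x02, b"\x08\x00") + _tlv(0x02, bytes([key_len])) + prf
    kdf = _tlv(0x30, PBKDF2_OID + _tlv(0x30, params))
    return _tlv(0x30, PBMAC1_OID + _tlv(0x30, kdf + prf))
```

A passing result only means this one parameter met the floor; it does not verify the MAC or the file's origin.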

Advisories
Source | ID | Title
Debian DSA | DSA-6335-1 | openssl security update
Ubuntu USN | USN-8414-1 | OpenSSL vulnerabilities

History

Tue, 09 Jun 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Openssl; Openssl openssl
Vendors & Products | | Openssl; Openssl openssl

Tue, 09 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service reading PKCS#12 files to accept forged certificates and private keys with a 1 in 256 probability. If a service accepting PKCS#12 files is using passwords for authenticating the received files, the attacker can create unencrypted PKCS#12 files that use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing them to craft a file that will be accepted with a 1 in 256 probability. That would then cause the service to accept a certificate and private key controlled by the attacker. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Title | | PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Weaknesses | | CWE-354

References

MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2026-06-09T16:03:22.065Z

Reserved: 2026-03-26T09:29:36.013Z

Link: CVE-2026-34181

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:04.740

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-34181

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T17:45:09Z
