Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity


Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

JustSystems Corporation
  • Shuriken Pro3
  • Shuriken Pro3 /R.2
  • Shuriken Pro3 Corporate Edition
  • Shuriken Pro3 /R.2 [VeriSign Security Mail Set]


A user can not notice a forged message when it is signed with a malicious digital certificate, because the certificate authenticity is not verified.

Vendor Information

JustSystems Corporation
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#B4BE09A4
Revision History

  • [2008/05/21]
      Web page published