The OpenCA PKI Project (v0.9) is "a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide". OpenCA suffers from a typical cross-site request forgery (XSRF) problem: an authenticated user (a registration officer, for example) can be manipulated into executing certain activities on the CA without his knowledge and consent. In a CA this is especially problematic, because an attacker can issue arbitrary certificates this way.
http://www.securiteam.com/unixfocus/5CP0E20NFO.html