PT-2009-1191 · Red Hat · Red Hat Certificate System

Tomas Hoger · Published 2009-01-20 · Updated 2017-08-08 · CVE-2008-2368

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Certificate System version 7.2

Description

The issue allows local users to discover passwords by reading certain log files. This is due to the storage of passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and other unspecified debug log files. Additionally, the weak permissions set for these files contribute to the problem.

Recommendations

For Red Hat Certificate System version 7.2, consider restricting access to the log files to minimize the risk of exploitation. As a temporary workaround, change the permissions of the affected log files to prevent unauthorized access until a more permanent solution is available.

Related identifiers

CVE-2008-2368
RHSA-2009:0006
RHSA-2009:0007

Affected products

Red Hat Certificate System