CVE-2008-5082

Name of the Vulnerable Software and Affected Versions Red Hat Certificate System versions 7.1 through 7.3 Dogtag Certificate System version 1.0

Description The issue concerns the verifyProof function in the Token Processing System component, which returns successfully even when token enrollment did not use the hardware key. This allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.

Recommendations For Red Hat Certificate System versions 7.1 through 7.3, consider disabling the verifyProof function in the Token Processing System component until a patch is available. For Dogtag Certificate System version 1.0, restrict access to the enrollment process to minimize the risk of exploitation.