PT-2009-1260 · Red Hat · Dogtag Certificate System, Red Hat Certificate System

Published: 2009-01-30 · Updated: 2017-08-08 · CVE-2008-5082

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat Certificate System versions 7.1 through 7.3
Dogtag Certificate System version 1.0

Description
The issue lies in the verifyProof function of the Token Processing System component, which returns success even when token enrollment did not use the hardware key. A remote authenticated user with enrollment privileges can therefore bypass the intended authentication policy by completing enrollment with a software key instead of a key bound to the hardware token.

Recommendations
For Red Hat Certificate System versions 7.1 through 7.3, consider disabling the verifyProof function in the Token Processing System component until a patch is available. For Dogtag Certificate System version 1.0, restrict access to the enrollment process to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2008-5082
RHSA-2009:0007

Affected Products

Dogtag Certificate System
Red Hat Certificate System