PT-2010-5130 · Red Hat · Dogtag Certificate System+1

Tomas Hoger

Published

2010-11-17

Updated

2010-11-18

CVE-2010-3869

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Red Hat Certificate System (RHCS) versions 7.3 and 8 Dogtag Certificate System (affected versions not specified)

Description The issue allows remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.

Recommendations For Red Hat Certificate System (RHCS) versions 7.3 and 8, consider restricting access to the SCEP functionality until a fix is available. For Dogtag Certificate System, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2010-3869

RHSA-2010:0837

RHSA-2010:0838

Affected Products

Dogtag Certificate System

Red Hat Certificate System

PT-2010-5130 · Red Hat · Dogtag Certificate System+1

CVE-2010-3869

Weakness Enumeration

Related Identifiers

Affected Products

References · 8