PT-2022-10465 · Unknown+5 · Dogtag Ca Manager+5

Pedro Sampaio

Published

2021-06-03

Updated

2022-04-28

CVE-2021-3551

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dogtag CA manager (affected versions not specified)

Description A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

ALT-PU-2021-2038

ALT-PU-2021-2860

ALT-PU-2022-1784

CESA-2021_2235

CVE-2021-3551

RHSA-2021:2235

RHSA-2021_2235

RLSA-2021:2235

Affected Products

Alt Linux

Centos

Debian

Dogtag Ca Manager

Red Hat

Rocky Linux

PT-2022-10465 · Unknown+5 · Dogtag Ca Manager+5

CVE-2021-3551

Weakness Enumeration

Related Identifiers

Affected Products

References · 13