Lucene search

RedhatCVE-2008-2368

HistoryJan 20, 2009 - 4:30 p.m.

CVE-2008-2368

2009-01-2016:30:00

CWE-255

redhat

web.nvd.nist.gov

red hat

certificate system

7.2

password storage

vulnerability

cleartext

weak permissions

nvd

cve-2008-2368

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Affected configurations

Nvd

Node

redhatcertificate_systemMatch7.2

VendorProductVersionCPE
redhatcertificate_system7.2cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	certificate_system	7.2	cpe:2.3:a:redhat:certificate_system:7.2:::::::*

References

secunia.com/advisories/33540

securitytracker.com/id?1021608

www.securityfocus.com/bid/33288

www.vupen.com/english/advisories/2009/0145

bugzilla.redhat.com/show_bug.cgi?id=452000

exchange.xforce.ibmcloud.com/vulnerabilities/48022

rhn.redhat.com/errata/RHSA-2009-0006.html

rhn.redhat.com/errata/RHSA-2009-0007.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-2368