Lucene search

[email protected]CVE-2010-3868

HistoryNov 17, 2010 - 4:00 p.m.

CVE-2010-3868

2010-11-1716:00:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-3868

red hat

certificate system

rhcs

dogtag

authentication bypass

scep

pins

remote attack

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.6%

JSON

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

Affected configurations

NVD

Node

redhatcertificate_systemMatch7.3

redhatcertificate_systemMatch8

Node

redhatdogtag_certificate_system

CPENameOperatorVersion
redhat:certificate_systemredhat certificate systemeq7.3
redhat:certificate_systemredhat certificate systemeq8

CPE	Name	Operator	Version
redhat:certificate_system	redhat certificate system	eq	7.3
redhat:certificate_system	redhat certificate system	eq	8

References

secunia.com/advisories/42181

securitytracker.com/id?1024697

www.osvdb.org/69149

bugzilla.redhat.com/show_bug.cgi?id=648882

fedorahosted.org/pki/changeset/1261

rhn.redhat.com/errata/RHSA-2010-0837.html

rhn.redhat.com/errata/RHSA-2010-0838.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVE-2010-3868

cvelist1 nvd1 veracode1 prion1 nessus1 redhat1