Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:24477
HistoryApr 10, 2020 - 12:55 a.m.

Unauthenticated Access

2020-04-1000:55:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19

EPSS

0.006

Percentile

78.6%

JSON

pki allows unauthenticated access. The certificate authority allowed unauthenticated users to request the one-time PIN in an SCEP request to be decrypted. An attacker able to sniff an SCEP request from a network device could request the certificate authority to decrypt the request, allowing them to obtain the one-time PIN. With this update, the certificate authority only handles decryption requests from authenticated registration authorities.

Related

cve 1
cvelist 1
nvd 1
prion 1
nessus 1
redhat 1
cve
cve
CVE-2010-3868
2010-11-17 16:00:01
cvelist
cvelist
CVE-2010-3868
2010-11-17 15:00:00
nvd
nvd
CVE-2010-3868
2010-11-17 16:00:01
prion
prion
Authentication flaw
2010-11-17 16:00:00
nessus
nessus
RHEL 5 : pki (RHSA-2010:0838)
2024-04-21 00:00:00
redhat
redhat
(RHSA-2010:0838) Moderate: pki security and enhancement update
2010-11-08 00:00:00

EPSS

0.006

Percentile

78.6%

JSON
Related for VERACODE:24477
cve1cvelist1nvd1prion1nessus1redhat1