github - ghsa-hg35-p8x7-fw5f

ghsa-hg35-p8x7-fw5f

Vulnerability from github

Published

2022-05-17 05:45

Modified

2022-05-17 05:45

Details

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-3868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-17T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.",
  "id": "GHSA-hg35-p8x7-fw5f",
  "modified": "2022-05-17T05:45:55Z",
  "published": "2022-05-17T05:45:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
    },
    {
      "type": "WEB",
      "url": "https://fedorahosted.org/pki/changeset/1261"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42181"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024697"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/69149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2010-3868

Vulnerability from cvelistv5

Published

2010-11-17 15:00

Modified

2024-08-07 03:26

Severity

Summary

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

References

URL	Tags
https://rhn.redhat.com/errata/RHSA-2010-0837.html	vendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/69149	vdb-entry, x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=648882	x_refsource_CONFIRM
https://rhn.redhat.com/errata/RHSA-2010-0838.html	vendor-advisory, x_refsource_REDHAT
http://securitytracker.com/id?1024697	vdb-entry, x_refsource_SECTRACK
https://fedorahosted.org/pki/changeset/1261	x_refsource_CONFIRM
http://secunia.com/advisories/42181	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2010:0837",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
          },
          {
            "name": "69149",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/69149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
          },
          {
            "name": "RHSA-2010:0838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
          },
          {
            "name": "1024697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/pki/changeset/1261"
          },
          {
            "name": "42181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-17T15:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2010:0837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
        },
        {
          "name": "69149",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/69149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
        },
        {
          "name": "RHSA-2010:0838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
        },
        {
          "name": "1024697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/pki/changeset/1261"
        },
        {
          "name": "42181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42181"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3868",
    "datePublished": "2010-11-17T15:00:00Z",
    "dateReserved": "2010-10-08T00:00:00Z",
    "dateUpdated": "2024-08-07T03:26:12.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.