Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2368

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-2368
Last Modified 07 Mar 2011 10:09:04
Published 20 Jan 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2368

Summary

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Vulnerable Systems

Application

  • Redhat Certificate System 7.2


References

REDHAT - RHSA-2009:0007

REDHAT - RHSA-2009:0006

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=452000

XF - redhat-cs-debuglog-info-disclosure(48022)

VUPEN - ADV-2009-0145

BID - 33288

SECTRACK - 1021608

SECUNIA - 33540


Last Updated: 27 May 2016 10:47:50