Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2008-5082
Last Modified 07 Mar 2011 10:13:50
Published 30 Jan 2009 02:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5082

Summary

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.

Vulnerable Systems

Application

  • Red Hat Dogtag Certificate System 1.0

  • Red Hat Certificate System 7.1

  • Red Hat Certificate System 7.2

  • Red Hat Certificate System 7.3


References

REDHAT - RHSA-2009:0007

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=475998

XF - redhat-cs-tps-security-bypass(48331)

VUPEN - ADV-2009-0145

BID - 33508

SECUNIA - 33693


Last Updated: 27 May 2016 10:48:42