Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2012-3503
Last Modified 21 Mar 2013 11:11:38
Published 25 Aug 2012 06:29:52
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3503

Summary

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, so every default installation shares the same secret token. Because the session cookie is signed with this token, a remote attacker who knows the default value can forge a cookie and authenticate to the CloudForms System Engine web interface as an arbitrary user.

Vulnerable Systems

Application

  • Katello 1.0
References

CONFIRM - https://github.com/Katello/katello/pull/499

CONFIRM - https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3

BID - 55140

REDHAT - RHSA-2012:1187

REDHAT - RHSA-2012:1186

SECUNIA - 50344
Last Updated: 27 May 2016 11:00:20