CVE Vulnerability

CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=452000
http://securitytracker.com/id?1021608
http://www.securityfocus.com/bid/33288
http://secunia.com/advisories/33540 Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-0006.html Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-0007.html
http://www.vupen.com/english/advisories/2009/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
Configurations

Configuration 1

cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
Information

Published : 2009-01-20 04:30

Updated : 2017-08-08 01:30

NVD link : CVE-2008-2368

Mitre link : CVE-2008-2368

Products Affected
No products.
CWE
CWE-255