Page 2 of 10 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate. Red Hat Certificate System (RHCS) antes de v8.1.1 y Dogtag Certificate System no comprueban correctamente las solicitudes de revocación de certificados realizadas a través de la interfaz web, lo que permite revocar los certificados finales de entidad que revocan certificados de autoridad de certificación (CA) a atacantes remotos con permisos. • http://osvdb.org/84098 http://rhn.redhat.com/errata/RHSA-2012-1103.html http://secunia.com/advisories/50013 http://www.securityfocus.com/bid/54608 http://www.securitytracker.com/id?1027284 https://bugzilla.redhat.com/show_bug.cgi?id=836268 https://exchange.xforce.ibmcloud.com/vulnerabilities/77102 https://fedorahosted.org/pki/changeset/2430 https://access.redhat.com/security/cve/CVE-2012-3367 • CWE-310: Cryptographic Issues •

CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. La función verifyProof en el componente Token Processing System (TPS) en Red Hat Certificate System (RHCS) v7.1 hasta v7.3 y Dogtag Certificate System v1.0 devuelve con éxito incluso cuando el token implicado no utiliza la clave hardware, lo cual permite a usuarios remotos autenticados con privilegios implicados evitar políticas de autenticación intencionadas implicándose con una clave software. • http://secunia.com/advisories/33693 http://www.securityfocus.com/bid/33508 http://www.vupen.com/english/advisories/2009/0145 https://bugzilla.redhat.com/show_bug.cgi?id=475998 https://exchange.xforce.ibmcloud.com/vulnerabilities/48331 https://rhn.redhat.com/errata/RHSA-2009-0007.html https://access.redhat.com/security/cve/CVE-2008-5082 • CWE-287: Improper Authentication •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files. Red Hat Certificate System v7.2 utiliza permisos legibles por todo el mundo para password.conf y otros ficheros de configuración sin especificar, lo que permite a usuarios locales descubrir contraseñas leyendo estos ficheros. • http://secunia.com/advisories/33540 http://securitytracker.com/id?1021608 http://www.securityfocus.com/bid/33288 http://www.vupen.com/english/advisories/2009/0145 https://bugzilla.redhat.com/show_bug.cgi?id=451998 https://exchange.xforce.ibmcloud.com/vulnerabilities/48021 https://rhn.redhat.com/errata/RHSA-2009-0006.html https://rhn.redhat.com/errata/RHSA-2009-0007.html https://access.redhat.com/security/cve/CVE-2008-2367 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. Red Hat Certificate System 7.2 almacena contraseñas en texto claro en el log UserDirEnrollment, el log RA wizard installer, y otros ficheros de log de errores sin especificar, y utiliza la debilidad en los permisos para esos ficheros, lo que permite a usuarios locales descubrir contraseñas leyendo los ficheros. • http://secunia.com/advisories/33540 http://securitytracker.com/id?1021608 http://www.securityfocus.com/bid/33288 http://www.vupen.com/english/advisories/2009/0145 https://bugzilla.redhat.com/show_bug.cgi?id=452000 https://exchange.xforce.ibmcloud.com/vulnerabilities/48022 https://rhn.redhat.com/errata/RHSA-2009-0006.html https://rhn.redhat.com/errata/RHSA-2009-0007.html https://access.redhat.com/security/cve/CVE-2008-2368 • CWE-255: Credentials Management Errors •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. Red Hat PKI Common Framework (rhpki-common) de Red Hat Certificate System (también conocido como Certificate Server o RHCS) 7.1 hasta 7.3, y Netscape Certificate Management System 6.x; no reconocen las restricciones de perfil de la Autoridad Certificadora en Extensions, esto puede permitir a atacantes remotos evitar las restricciones pretendidas y realizar ataques de hombre-en-medio (man-in-the-middle) al enviar una Solicitud de Firma de Certificado (certificate signing request (CSR)) y utilizar el certificado resultante. • http://rhn.redhat.com/errata/RHSA-2008-0500.html http://rhn.redhat.com/errata/RHSA-2008-0577.html http://secunia.com/advisories/30929 http://www.securityfocus.com/bid/30062 http://www.securitytracker.com/id?1020427 https://bugzilla.redhat.com/show_bug.cgi?id=445227 https://exchange.xforce.ibmcloud.com/vulnerabilities/43573 https://access.redhat.com/security/cve/CVE-2008-1676 • CWE-255: Credentials Management Errors CWE-297: Improper Validation of Certificate with Host Mismatch •