CVE-2008-5082
System: missing public key challenge proof verification in the TPS component
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
La función verifyProof en el componente Token Processing System (TPS) en Red Hat Certificate System (RHCS) v7.1 hasta v7.3 y Dogtag Certificate System v1.0 devuelve con éxito incluso cuando el token implicado no utiliza la clave hardware, lo cual permite a usuarios remotos autenticados con privilegios implicados evitar políticas de autenticación intencionadas implicándose con una clave software.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-11-14 CVE Reserved
- 2009-01-30 CVE Published
- 2023-03-20 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/33508 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0145 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48331 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33693 | 2017-08-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=475998 | 2009-01-29 | |
| https://rhn.redhat.com/errata/RHSA-2009-0007.html | 2017-08-08 | |
| https://access.redhat.com/security/cve/CVE-2008-5082 | 2009-01-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Dogtag Certificate System Search vendor "Redhat" for product " Dogtag Certificate System" | 1.0 Search vendor "Redhat" for product " Dogtag Certificate System" and version "1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Certificate System Search vendor "Redhat" for product "Certificate System" | 7.1 Search vendor "Redhat" for product "Certificate System" and version "7.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Certificate System Search vendor "Redhat" for product "Certificate System" | 7.2 Search vendor "Redhat" for product "Certificate System" and version "7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Certificate System Search vendor "Redhat" for product "Certificate System" | 7.3 Search vendor "Redhat" for product "Certificate System" and version "7.3" | - |
Affected
| ||||||