CVE-2010-3868
System: unauthenticated user can request SCEP one-time PIN decryption
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-10-08 CVE Reserved
- 2010-11-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1024697 | Vdb Entry | |
http://www.osvdb.org/69149 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://fedorahosted.org/pki/changeset/1261 | 2010-11-18 | |
http://secunia.com/advisories/42181 | 2010-11-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=648882 | 2010-11-08 | |
https://rhn.redhat.com/errata/RHSA-2010-0837.html | 2010-11-18 | |
https://rhn.redhat.com/errata/RHSA-2010-0838.html | 2010-11-18 | |
https://access.redhat.com/security/cve/CVE-2010-3868 | 2010-11-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Certificate System | 7.3 | - | Affected |
Redhat | Certificate System | 8 | - | Affected |
Redhat | Dogtag Certificate System | * | - | Affected |