CVE-2019-10136
spacewalk: Insecure computation of authentication signatures during user authentication
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Se encontró que Spacewalk, en todas las versiones hasta la 2.8, no computaba de forma segura las sumas de comprobación de token del cliente. Un atacante con un conjunto de encabezados válidos, pero expirados y autenticados, podría mover algunos dígitos, extendiendo artificialmente la validez de la sesión sin modificar la suma de comprobación.
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-27 CVE Reserved
- 2019-07-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/109029 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2019-10136 | 2019-07-02 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1708696 | 2019-07-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.8 Search vendor "Redhat" for product "Satellite" and version "5.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Spacewalk Search vendor "Redhat" for product "Spacewalk" | <= 2.9 Search vendor "Redhat" for product "Spacewalk" and version " <= 2.9" | - |
Affected
|