CVE-2019-10136
spacewalk: Insecure computation of authentication signatures during user authentication
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Se encontró que Spacewalk, en todas las versiones hasta la 2.8, no computaba de forma segura las sumas de comprobación de token del cliente. Un atacante con un conjunto de encabezados válidos, pero expirados y autenticados, podría mover algunos dígitos, extendiendo artificialmente la validez de la sesión sin modificar la suma de comprobación.
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. An insecure computation issue was addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-27 CVE Reserved
- 2019-07-02 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/109029 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2019-10136 | 2019-07-02 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1708696 | 2019-07-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.8 Search vendor "Redhat" for product "Satellite" and version "5.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Spacewalk Search vendor "Redhat" for product "Spacewalk" | <= 2.9 Search vendor "Redhat" for product "Spacewalk" and version " <= 2.9" | - |
Affected
|