CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=452000
http://securitytracker.com/id?1021608
http://www.securityfocus.com/bid/33288
http://secunia.com/advisories/33540	Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-0006.html	Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-0007.html
http://www.vupen.com/english/advisories/2009/0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/48022

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*

Information

Published : 2009-01-20 08:30

Updated : 2017-08-07 18:30

NVD link : CVE-2008-2368

Mitre link : CVE-2008-2368

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

redhat

certificate_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=452000", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1021608", "name": "1021608", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/33288", "name": "33288", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/33540", "name": "33540", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html", "name": "RHSA-2009:0006", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html", "name": "RHSA-2009:0007", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2009/0145", "name": "ADV-2009-0145", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022", "name": "redhat-cs-debuglog-info-disclosure(48022)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2368", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-01-20T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}