Lucene search

[email protected]CVE-2008-2368

HistoryJan 20, 2009 - 4:30 p.m.

CVE-2008-2368

2009-01-2016:30:00

CWE-255

[email protected]

web.nvd.nist.gov

red hat

certificate system

7.2

password storage

vulnerability

cleartext

weak permissions

nvd

cve-2008-2368

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Affected configurations

NVD

Node

redhatcertificate_systemMatch7.2

CPENameOperatorVersion
redhat:certificate_systemredhat certificate systemeq7.2

CPE	Name	Operator	Version
redhat:certificate_system	redhat certificate system	eq	7.2

References

secunia.com/advisories/33540

securitytracker.com/id?1021608

www.securityfocus.com/bid/33288

www.vupen.com/english/advisories/2009/0145

bugzilla.redhat.com/show_bug.cgi?id=452000

exchange.xforce.ibmcloud.com/vulnerabilities/48022

rhn.redhat.com/errata/RHSA-2009-0006.html

rhn.redhat.com/errata/RHSA-2009-0007.html

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-2368

nvd1 cvelist1 prion1