GitHub Advisory DatabaseGHSA-5XV2-Q475-RWRHKatello uses hard coded credential
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
87.1%
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
Affected configurations
References
rhn.redhat.com/errata/RHSA-2012-1186.html
rhn.redhat.com/errata/RHSA-2012-1187.html
github.com/advisories/GHSA-5xv2-q475-rwrh
github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3
github.com/Katello/katello/pull/499
github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2012-3503.yml
nvd.nist.gov/vuln/detail/CVE-2012-3503
web.archive.org/web/20140806122239/secunia.com/advisories/50344
web.archive.org/web/20200229120740/www.securityfocus.com/bid/55140
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
87.1%