Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-5XV2-Q475-RWRH
HistoryMay 17, 2022 - 5:13 a.m.

Katello uses hard coded credential

2022-05-1705:13:13
Google
osv.dev
1

7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.

Related

nessus 2
veracode 1
prion 1
redhat 1
github 1
cve 1
cvelist 1
nvd 1
nessus
nessus
RHEL 6 : katello in Subscription Asset Manager (RHSA-2012:1187)
2013-01-24 00:00:00
RHEL 6 : katello (RHSA-2012:1186)
2024-04-27 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 08:56:05
prion
prion
Default configuration
2012-08-25 10:29:00
redhat
redhat
(RHSA-2012:1187) Important: katello security update
2012-08-21 00:00:00
github
github
Katello uses hard coded credential
2022-05-17 05:13:13
cve
cve
CVE-2012-3503
2012-08-25 10:29:52
cvelist
cvelist
CVE-2012-3503
2012-08-25 10:00:00
nvd
nvd
CVE-2012-3503
2012-08-25 10:29:52

7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON
Related for OSV:GHSA-5XV2-Q475-RWRH
nessus2veracode1prion1redhat1github1cve1cvelist1nvd1