Lucene search
PRIOn knowledge basePRION:CVE-2017-7537HistoryJul 26, 2018 - 1:29 p.m.
Hardcoded credentials
2018-07-2613:29:00
PRIOn knowledge base
www.prio-n.com
2
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dogtagpki | lt | 10.6.4 | |
| enterprise_linux_desktop | eq | 7.0 | |
| enterprise_linux_server | eq | 7.0 | |
| enterprise_linux_workstation | eq | 7.0 |
Related
redhat
redhat
(RHSA-2017:2335) Moderate: pki-core security update
2017-08-01 03:28:22
oraclelinux
oraclelinux
pki-core security update
2017-08-09 00:00:00
openvas
openvas
RedHat Update for pki-core RHSA-2017:2335-01
2017-08-04 00:00:00
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1183)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1184)
2020-01-23 00:00:00
cvelist
cvelist
CVE-2017-7537
2018-07-26 13:00:00
nessus
nessus
Oracle Linux 7 : pki-core (ELSA-2017-2335)
2017-08-10 00:00:00
EulerOS 2.0 SP1 : pki-core (EulerOS-SA-2017-1183)
2017-09-08 00:00:00
Scientific Linux Security Update : pki-core on SL7.x x86_64 (20170801)
2017-08-22 00:00:00
redhatcve
redhatcve
CVE-2017-7537
2017-07-21 10:48:45
osv
osv
CVE-2017-7537
2018-07-26 13:29:00
nvd
nvd
CVE-2017-7537
2018-07-26 13:29:00
cve
cve
CVE-2017-7537
2018-07-26 13:29:00
ubuntucve
ubuntucve
CVE-2017-7537
2018-07-26 00:00:00
debiancve
debiancve
CVE-2017-7537
2018-07-26 13:29:00
veracode
veracode
Authentication Bypass
2019-01-15 09:18:04