Lucene search

K

Dogtag Security Vulnerabilities

cve
cve

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing...

7.5CVSS

7.3AI Score

0.002EPSS

2018-07-26 01:29 PM
34
cve
cve

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks....

7.4CVSS

7AI Score

0.002EPSS

2019-10-14 08:15 PM
99