Certificate System Security Vulnerabilities and Issues — Certificate System CVE List

Lucene search

RedhatCertificate System

4 matches found

CVE•added 2009/05/27 4:30 p.m.•51 views

CVE-2009-0588

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

6.5CVSS6.5AI score0.00461EPSS

CVE•added 2009/01/30 7:30 p.m.•40 views

CVE-2008-5082

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privil...

6CVSS6.7AI score0.00196EPSS

CVE•added 2009/01/20 4:30 p.m.•38 views

CVE-2008-2367

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.

2.1CVSS6.6AI score0.00034EPSS

CVE•added 2009/01/20 4:30 p.m.•38 views

CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

2.1CVSS6.6AI score0.00034EPSS