katello is vulnerable to authentication bypass attacks. The vulnerability exists as the installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CPE | Name | Operator | Version |
---|---|---|---|
katello | eq | 0.3.3__1.el6_2 | |
katello | eq | 0.1.238__3.el6 | |
katello | eq | 0.1.307__1.el6 |
rhn.redhat.com/errata/RHSA-2012-1186.html
rhn.redhat.com/errata/RHSA-2012-1187.html
secunia.com/advisories/50344
www.securityfocus.com/bid/55140
access.redhat.com/knowledge/docs/en-US/CloudForms/1.0/html/Release_Notes/chap-Release_Notes-Updates.html#chap-Release_Notes-Updates-System_Engine
access.redhat.com/security/updates/classification/#important
github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3
github.com/Katello/katello/pull/499
rhn.redhat.com/errata/RHSA-2012-1186.html