Lucene search
Veracode Vulnerability DatabaseVERACODE:12516HistoryJan 15, 2019 - 9:18 a.m.
Authentication Bypass
2019-01-1509:18:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.002
Percentile
52.3%
pki-core is vulnerable to authentication bypass attacks. The vulnerability exists as it was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
References
access.redhat.com/errata/RHSA-2017:2335
access.redhat.com/security/cve/CVE-2017-7537
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1469432
bugzilla.redhat.com/show_bug.cgi?id=1470817
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
Related
nessus
nessus
Oracle Linux 7 : pki-core (ELSA-2017-2335)
2017-08-10 00:00:00
EulerOS 2.0 SP1 : pki-core (EulerOS-SA-2017-1183)
2017-09-08 00:00:00
RHEL 7 : pki-core (RHSA-2017:2335)
2017-08-02 00:00:00
redhatcve
redhatcve
CVE-2017-7537
2017-07-21 10:48:45
osv
osv
CVE-2017-7537
2018-07-26 13:29:00
openvas
openvas
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1184)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1183)
2020-01-23 00:00:00
RedHat Update for pki-core RHSA-2017:2335-01
2017-08-04 00:00:00
debiancve
debiancve
CVE-2017-7537
2018-07-26 13:29:00
nvd
nvd
CVE-2017-7537
2018-07-26 13:29:00
oraclelinux
oraclelinux
pki-core security update
2017-08-09 00:00:00
cvelist
cvelist
CVE-2017-7537
2018-07-26 13:00:00
redhat
redhat
(RHSA-2017:2335) Moderate: pki-core security update
2017-08-01 03:28:22
prion
prion
Hardcoded credentials
2018-07-26 13:29:00
ubuntucve
ubuntucve
CVE-2017-7537
2018-07-26 00:00:00
cve
cve
CVE-2017-7537
2018-07-26 13:29:00