Vulnerabilities > CVE-2008-2368 - Credentials Management vulnerability in Redhat Certificate System 7.2

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

redhat

CWE-255

NVD

Published: 2009-01-20

Updated: 2017-08-08

Summary

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Certificate System 7.2	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Redhat

advisories

rhsa
id RHSA-2009:0006
rhsa
id RHSA-2009:0007

rpms

pkisetup-0:7.2.0-7
rhpki-ca-0:7.2.0-6
rhpki-common-0:7.2.0-16
rhpki-kra-0:7.2.0-5
rhpki-ocsp-0:7.2.0-5
rhpki-tks-0:7.2.0-5
rhpki-tps-0:7.2.0-8
pkisetup-0:7.3.0-14.el4
rhpki-ca-0:7.3.0-17.el4
rhpki-common-0:7.3.0-40.el4
rhpki-kra-0:7.3.0-13.el4
rhpki-ocsp-0:7.3.0-11.el4
rhpki-ra-0:7.3.0-67.el4
rhpki-tks-0:7.3.0-12.el4
rhpki-tps-0:7.3.0-23.el4
rhpki-util-0:7.3.0-20.el4

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References