[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2368

Date: (C)2009-01-20   (M)2017-08-08
 
CVSS Score: 2.1Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Reference:
SECTRACK-1021608
BID-33288
SECUNIA-33540
ADV-2009-0145
RHSA-2009:0006
RHSA-2009:0007
https://bugzilla.redhat.com/show_bug.cgi?id=452000
redhat-cs-debuglog-info-disclosure(48022)

CPE    1
cpe:/a:redhat:certificate_system:7.2
CWE    1
CWE-255

© 2013 SecPod Technologies