[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-2368Date: (C)2009-01-20   (M)2018-02-19


Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1021608
BID-33288
SECUNIA-33540
ADV-2009-0145
RHSA-2009:0006
RHSA-2009:0007
https://bugzilla.redhat.com/show_bug.cgi?id=452000
redhat-cs-debuglog-info-disclosure(48022)

CPE    1
cpe:/a:redhat:certificate_system:7.2
CWE    1
CWE-255

© SecPod Technologies