[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

101924

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2368

Date: (C)2009-01-20   (M)2017-08-08 


Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

CVSS Score: 2.1Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECTRACK-1021608
BID-33288
SECUNIA-33540
ADV-2009-0145
RHSA-2009:0006
RHSA-2009:0007
https://bugzilla.redhat.com/show_bug.cgi?id=452000
redhat-cs-debuglog-info-disclosure(48022)

CPE    1
cpe:/a:redhat:certificate_system:7.2
CWE    1
CWE-255

© 2013 SecPod Technologies