[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112994

 
 

909

 
 

87812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-7537Date: (C)2018-07-26   (M)2018-09-07


It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

Reference:
RHSA-2017:2335
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9

OVAL    2
oval:org.secpod.oval:def:502113
oval:org.secpod.oval:def:1501975

© SecPod Technologies