← back
CVE-2010-3868

CVE-2010-3868

EPSS 1.3%
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=648882http://secunia.com/advisories/42181http://securitytracker.com/id?1024697https://fedorahosted.org/pki/changeset/1261https://rhn.redhat.com/errata/RHSA-2010-0837.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0838.htmlhttp://www.osvdb.org/69149