CVE-2010-3868
CVE-2010-3868
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://bugzilla.redhat.com/show_bug.cgi?id=648882http://secunia.com/advisories/42181http://securitytracker.com/id?1024697https://fedorahosted.org/pki/changeset/1261https://rhn.redhat.com/errata/RHSA-2010-0837.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0838.htmlhttp://www.osvdb.org/69149