CVE-2008-5082
CVSS V2 Medium 6
CVSS V3 None
Description
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
Overview
- CVE ID
- CVE-2008-5082
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2009-01-30T19:30:00
- Last Modified Date
- 2017-08-08T01:33:06
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:redhat:_dogtag_certificate_system:1.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6
- Severity
- MEDIUM
- Exploitability Score
- 6.8
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-5082 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5082 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 09:05:16 | Added to TrackCVE |