Red Hat Certificate System rhpki-common Security Bypass Weakness
BID:30062
Info
| Bugtraq ID: | 30062 |
| Class: | Design Error |
| CVE: | CVE-2008-1676 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 02 2008 12:00AM |
| Updated: | Mar 05 2009 05:06PM |
| Credit: | The vendor |
| Vulnerable: | Redhat Certificate Server 7.3, Redhat Certificate Server 7.2 |
| Not Vulnerable: | |
Discussion
Red Hat Certificate System (RHCS) is prone to a security-bypass weakness because of a flaw in 'rhpki-common' (Red Hat PKI Common Framework) when handling certificate signing requests (CSRs). Attackers can leverage this flaw to bypass security policies.
Successful exploits will aid in man-in-the-middle attacks against users who trust RHCS-managed Certificate Authorities.
Exploit / POC
Attackers can exploit this issue using an application that relies on RHCS.
Solution / Fix
Solution:
The vendor has released advisories and patches. Please see the references for more information.
References
References: