Vulnerabilities

CVE-2010-3868

by Fred · 17/11/2010

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

Date published : 2010-11-17

https://bugzilla.redhat.com/show_bug.cgi?id=648882

https://fedorahosted.org/pki/changeset/1261

Similar

Tags: Cybersecurity Alert