ByteOS Network

NVD Vulnerability Details :

CVE-2008-2368

Modified

Source-secalert@redhat.com

Published At-20 Jan, 2009 | 16:30

Updated At-08 Aug, 2017 | 01:30

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Red Hat, Inc.

>>certificate_system>>7.2

cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-255	Primary	nvd@nist.gov

CWE ID: CWE-255

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/33540	secalert@redhat.com	Vendor Advisory
http://securitytracker.com/id?1021608	secalert@redhat.com	N/A
http://www.securityfocus.com/bid/33288	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2009/0145	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=452000	secalert@redhat.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/48022	secalert@redhat.com	N/A
https://rhn.redhat.com/errata/RHSA-2009-0006.html	secalert@redhat.com	Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-0007.html	secalert@redhat.com	N/A