CVE-2008-5082

{"id": "CVE-2008-5082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-01-30T19:30:00.250", "references": [{"url": "http://secunia.com/advisories/33693", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/33508", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0145", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48331", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key."}, {"lang": "es", "value": "La funci\u00f3n verifyProof en el componente Token Processing System (TPS) en Red Hat Certificate System (RHCS) v7.1 hasta v7.3 y Dogtag Certificate System v1.0 devuelve con \u00e9xito incluso cuando el token implicado no utiliza la clave hardware, lo cual permite a usuarios remotos autenticados con privilegios implicados evitar pol\u00edticas de autenticaci\u00f3n intencionadas implic\u00e1ndose con una clave software.\r\n\r\n"}], "lastModified": "2017-08-08T01:33:06.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:_dogtag_certificate_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A527642-BFD2-4F3F-8ED9-A16D4280777B"}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A94B7103-11B7-4B1E-AE02-86210F9CCCAA"}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0"}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}