Vulnerability Description
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Certificate System | 7.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33540Vendor Advisory
- http://securitytracker.com/id?1021608
- http://www.securityfocus.com/bid/33288
- http://www.vupen.com/english/advisories/2009/0145
- https://bugzilla.redhat.com/show_bug.cgi?id=452000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
- https://rhn.redhat.com/errata/RHSA-2009-0006.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2009-0007.html
- http://secunia.com/advisories/33540Vendor Advisory
- http://securitytracker.com/id?1021608
- http://www.securityfocus.com/bid/33288
- http://www.vupen.com/english/advisories/2009/0145
- https://bugzilla.redhat.com/show_bug.cgi?id=452000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
- https://rhn.redhat.com/errata/RHSA-2009-0006.htmlVendor Advisory
FAQ
What is CVE-2008-2368?
CVE-2008-2368 is a vulnerability with a CVSS score of 2.1 (LOW). Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files...
How severe is CVE-2008-2368?
CVE-2008-2368 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2368?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Certificate System.